COVER STORY 


System Center Puts DSI into Practice 

Karen Forster talks with Microsoft's Kirill Tatarinov and Larry Orecklin 
about the latest System Center products and how they address the 
priorities and pain points of systems management. 

InstantDoc ID 94969 —KAREN FORSTER 


FEATURES 


Exchange 2007 Transforms Message Routing 

Exchange Server 2007 eliminates routing groups in favor of a more efficient 
message-flow process, but you'll need to perform certain tasks to make the 
new routing coexist with legacy Exchange servers. 

InstantDoc ID 94859 —PAUL ROBICHAUX 


SOLUTIONS + 

Kick Your Mobile ADS Solution Up a Notch 

We've shown you how to create a mobile ADS solution. Now learn how to 
expand it so you can perform physical machine to virtual machine migrations. 

InstantDoc ID 94982 —ROBERT LARSON 


REQUIRED READING: BACKUP AND RECOVERY 

Develop a Storage Strategy with Compliance in Mind 

If your company must meet regulatory requirements, your storage management 
strategy should support that need. Take a look at three different standards— 
HIPAA, SEC Rule 17a-4, and SOX—and how each can affect a business's choice 
of storage. 

InstantDoc ID 94904 —DAVID CHERNICOFF 


REQUIRED READING: WEB SERVERS FOR 
WINDOWS 

Hosted Applications 

Remotely hosted services can often reduce costs, but you need to evaluate how 
your business plans to use them before you decide to take that route. 

InstantDoc ID 94860 —DAVID CHERNICOFF 


TRICKS & TRAPS 

Ask the Experts 

Learn more about the administrative template files in Windows Vista and 
discover the reason behind the short delays when accessing Vista's File Open 
dialog box. 

Reader to Reader 

If you need to quickly search through PDF files, you'll want to try this reader's 
creative solution. 

InstantDoc ID 94950 


SHAREPOINT & OFFICE PRO 


IT PRO HERO 

Exchange 2007 Lessons from Microsoft IT 

Microsoft Exchange admin Derek Ingalls talks about the high and low 
points of 18 months of using Exchange Server 2007 before its release and 
urges admins to plunge fearlessly into PowerShell. 

InstantDoc ID 94992 —ANNE GRUBB 

REQUIRED READING: SECURITY 
SOLUTIONS + 

Secure Connectivity on the Road 

Set up a free and portable VPN with the OpenSSH VPN tool and the Squid 
for Windows proxy server. 

InstantDoc ID 94902 —MARK JOSEPH EDWARDS 


SharePoint Server 2007 Revealed 

Take a guided tour, using practical experiences to manage content, tasks, 
workflow, and Web parts. 

InstantDoc ID 94914 —DAN HOLME 


Getting to Know Office 2007 

Learn how Pivot Tables display hierarchical data, what OneNote 2007's OCR 
indexing means for your searches, and why you might want to consider using 
Word 2007's blogging feature. 

InstantDoc ID 95004 —DAN HOLME 


COLUMNS 



Karen Forster 

IT Pro Perspective 

From ExBPA to ExRAP 

Exchange Server Best Practices 
Analyzer and the Exchange 
Server Risk Assessment and 
Health Check Program help you 
proactively identify and solve 
problems in your Exchange 
configuration. 

InstantDoc ID 95118 


Paul Thurrott 

Need to Know 
2007-2008 Microsoft Windows 
Server Technologies 

The next 2 years will be significant 
for Windows Server technologies. 
Paul Thurrott helps you 
understand Windows Server 2003, 
Windows Home Server, Windows 
Centro Midmarket Server, 
Windows Server Longhorn, and 
Windows Server virtualization. 
InstantDoc ID 94726 


Access articles online at http://www.windowsitpro.com. Enter the article ID in the InstantDoc ID text box. 


PRODUCTS 

New & Improved 

Check out the latest products to 
hit the marketplace. 

PRODUCT SPOTLIGHT 
Virtual Iron Software's Virtual 
Iron 3.1 

InstantDoc ID 94888 —BLAKE ENO 

COMPARATIVE REVIEW 

Patch Management Solutions 

See how Microsoft's free 
WSUS stacks up against 
PatchLink Update and Shavlik 
HFNetChkPro Plus. 

InstantDoc ID 94912 —PHILIP MORGAN 


REVIEW 

E-Trail Digital Archive 

E-Trail Digital Archive does a 
good job of archiving electronic 
communications data but 
might be a challenge for some 
companies to introduce. 


—Carlton Whitmore, systems analyst 


REVIEW 

System Center 
Essentials 2007 
Beta 2 

Microsoft's promising 
management solution is aimed at 
midsized businesses. 

InstantDoc ID 94762 —ED ROTH 


InstantDoc ID 94885 

—MICHAEL D. CASSENS 


REVIEW 

EventSentry 2.72 

EventSentry 2.72 provides the 
network-monitoring capabilities 
that small businesses need. 

InstantDoc ID 94824 —JOEL B. BARKER 


WHAT'S HOT 


Readers Review Hot Products 

VMware Converter 3 Beta, NirSoft's ProduKey, and Hardcopy 

InstantDoc ID 94187 —BLAKE ENO 


Paul's Picks 

The best Office upgrade in a 
decade, Microsoft Office 2007 
System offers new UIs for Word, 
Excel, Access, and PowerPoint. 
The new upgrade to Firefox is 
solid, but not a revelation. 

InstantDoc ID 94980 —PAUL THURROTT 


BUYER’S GUIDE 

Light Database Tools 

These entry-level database 
solutions are ideal for individuals 
and small organizations. 

InstantDoc ID 95091 —BLAKE ENO 
Connecting the IT Community 

letters@windowsitpro.com 

Directory of Services 
Advertising Index 
Vendor Directory 

Ctrl+Alt+Del 
Dilbert 


WEB EXCLUSIVE 


The Business End 

Take Control of 
External Audits 

Follow these five tips to better 
manage the time and effort 
your IT department spends on 
external audits. 

InstantDoc ID 946141 

—BEN SMITH 



Mark Minasi 

Windows Power Tools 

The Lowdown on Takeown 

A great new tool in Vista and 
Windows 2003 offers a quick 
command-line method for taking 
ownership of files and folders. 

InstantDoc ID 94831 



Michael Otey 

Top 10 

Most Enticing Vista Features 

The new business-oriented 
features included in Windows Vista 
provide additional functionality 
and make the new OS easy to use 
in the workplace. 

InstantDoc ID 94798 


Connecting the IT Community 


COMPLIANCE, CRISES, CONSOLIDATION 


“Roadmap to Email Archiving and Compliance” 

How will compliance regulations affect your IT infrastructure? 
This free eBook will help you design your 
retention and retrieval, privacy, and security policies 
to ensure that your organization is compliant. 

http://www.windowsitpro.com/go/ebooks/sherpa/compliance/?code=marcitc 

“The Email Management Crisis” 

Make 2007 the year that you proactively address 
email challenges before they turn into a true crisis. 
Get the inside track on the problems that will come 
to a head in 2007 with this comprehensive guide. 

http://www.windowsitpro.com/go/whitepapers/messageone/emailcrisis/?code=marcitc 

“Top 5 Reasons Storage Consolidation Should Be on 
Every IT Department’s Short List” 

Do you know where your information is? Is it protected? Backed-up? Download 
this free podcast today to learn the top five reasons for considering storage 
consolidation. 

http://www.windowsitpro.com/go/podcast/hp/consolidation/?code=marcitc 


Exchange Server Roadshows 

Do you wonder whether Exchange 2007 really will improve your email environment 
and enhance productivity? Join independent experts and your peers 
for the Microsoft Unified Communications roadshows, coming to eight US 
cities in March and April. In addition to a product feature overview, you’ll learn how to 
effectively install, manage, and secure Exchange 2007. 

http://www.windowsitpro.com/go/exchangeshow 



YOUR SAVVY ASSISTANT 


Your new assistant, Christan 
Humphries, is working hard 
to connect you to information and 
resources that you might not be 
aware of. Here’s a section from one of 
her recent posts. Check out the Web-exclusive 
column at 
http://windowsitpro.com/departments/departmentid/1035/1035.html. 

Readers requested: 

“What are Client Services 
for Netware?” 

InstantDoc ID 14415 

Related resource: 

“How do I uninstall the Client Services 
for Netware component?” 

InstantDoc ID 93410 

The comment thread on the “What are 
Client Services for Netware?” article 
shows a lot of readers searching for 
how to uninstall Client Services for 
Netware, and one reader even offers a 
solution in the comment section. Now, 
Mama didn’t raise no fool, so I figured 
that you all might like to see an article 
that answers your questions. Check 
out this related article for some official 
instructions about uninstalling Client 
Services. 


Hey Microsoft! Blog 

My Hey Microsoft! column in Windows IT Pro has been my attempt to take your questions and 
concerns to the product developers at Microsoft and get them to respond and see if they really hear 
you. I decided to start this blog because I’m always talking to Microsoft and getting briefed on stuff, but there’s 
never enough space in the magazine to cover it all. So, I’ll tell you what I find out, and I invite and encourage you to tell me what 
you think, want, and need. I’ll take your input back to Microsoft, but better yet, they can just read this blog, too. :-) 

—Karen Forster 

Connecting the IT Community Windows IT Pro MARCH 2007 


IT Pro Perspective 


From ExBPA to ExRAP 

A virtuous cycle benefits Microsoft by making IT more effective 


A virtuous cycle, according to Wikipedia, is a system 
of events that includes a feedback loop "in which 
each iteration of the cycle reinforces the first," 
and "a virtuous cycle has favorable results." That definition 
pretty well describes the effect of the Exchange Server Best 
Practices Analyzer (ExBPA), Microsoft's automated scanning 
and reporting tool that lets you check your Exchange 
configuration against current Microsoft best practices. 
Since Exchange Server 2003's ExBPA launched in September 
2004, its scope has continually broadened from 
approximately 500 best-practices rules and 300 related 
online articles to 3,000 rules with approximately 1,500 
related articles today. The rules are based on best practices 
derived from customer support data and contributed by 
Exchange users. 

But the tool's growing scope isn't the only favorable 
result of ExBPA, as I learned in a recent conversation with 
Jim Lucey, a supportability program manager for Exchange 
in Microsoft's Customer Services and Support (CSS) organization, 
and Clarence Satchell, a program manager in Premier 
Field Engineering. In addition, Jim told me, "ExBPA is 
a proactive tool, but our feedback to the product group was 
that customers have a lot of other pain areas: performance, 
mail flow, disaster recovery scenarios, etc. So the product 
team has created more reactive rules-based troubleshooting 
tools built on the ExBPA engine. They also built ExBPA 
into Exchange 2007, so we have built-in tools for some critical 
situation areas to help troubleshoot for our customers." 
(To learn about a couple of these tools, see "The Exchange 
Performance Troubleshooting Analyzer" at 
http://www.windowsitpro.com/article/articleid/49524/49524.html.) 

Another favorable result is that other Microsoft products, 
including ASP.NET, ISA Server, and SQL Server, now also 
have or are developing best practices tools. 


ExRAP 

An interesting outgrowth from ExBPA is the Exchange Server 
Risk Assessment and Health Check Program (ExRAP), 
which Microsoft started in March 2005 for customers who 
have a Premier Support contract. Clarence is in charge of 
ExRAP and told me it's "an onsite engagement that consists 
of three phases: data collection, analysis and reporting, and 
remediation. During data collection, we use tools such as 
ExBPA and an operational survey with IT to gauge whether 
they're working according to best practices." An example of 
the questions on the operational survey is: "Do you have 
documented and communicated escalation matrices for 
Microsoft Exchange Server outages? [Escalation matrices 
define escalation paths to higher levels of technical resources 
and higher levels of management based on duration triggers 
and severity triggers. For example, a severity 1 outage might 
be escalated immediately to Tier 3 support, and executive 
management might be notified after 1 hour.]" 

Next, Clarence explained, "From those results, we send 
the data to [Microsoft IT] MSIT and generate a scorecard, 
or benchmarking against MSIT best practices, to see where 
this customer stands. The support engineer can review the 
results and interject information as well, because everybody's 
environment is different. Once the information has 
been finalized, we produce two reports for the customer: 
one for the executives and a detailed report for IT." 

Clarence continued, "Our scorecard uses red, yellow, 
green (high, medium, low risk) indicators to rate dependencies 
such as networking, disaster recovery, security. From 
those results, we have a dialog with the customer and do 
a formal presentation at the end. We explain in detail each 
of the issues we found and why they have a certain severity 
associated with them." 

Finally, Clarence said, his team loops back with the customer 
to "lay out a remediation plan that shows which findings 
are most critical and which ones need to be addressed 
in what timeframe." Microsoft engineers can assist with 
the remediation, or customers can fix the problems themselves. 

The goal of ExRAP, Clarence says, is "to educate customers 
about the risk that's inherent in their environment. 
They may have gone years without any issues at all or they 
may have constant issues and don't know what's caused 
them. We try to bring all this to light so we can reduce those 
repeatable offenses." 



Karen Forster (karen@windowsitpro.com) is editorial and 
strategy director for Windows IT Pro and SQL 
Server Magazine and former director of Windows 
Server User Assistance at Microsoft. 


Favorable Results 

The most impressive aspect of my conversation with Jim 
and Clarence was discovering how deeply they care about 
customers and how eager they are to improve not just 
Microsoft's customer support, but also Microsoft's products. 
As Jim put it, "I think customers would be amazed to know 
how much focus we put into understanding customer pain 
and making sure product groups in the company understand 
that pain. So many supportability fixes, solutions, scenarios 
are addressed in the products. We're really trying to 
learn from groups that have done it well and make that a best 
practice for other products struggling in that area." (For more 
information on ExRAP, see 
http://www.microsoft.com/technet/itshowcase/content/exchrapissues.mspx.) 
Daylight Savings Time 
starts March 11 and ends 
November 4 this year! Get 
a time zone update for 
Windows XP and Windows 

DNS Commands and Managing Servers 

Although all of the recommendations 
Mark Burnett makes in his article 
"Segregate Your DNS Servers" (September 
2006, InstantDoc ID 92660) 
are good and the content is accurate, 
the article should have noted that 
some of the commands it contains 
significantly alter the manageability 
of a Windows 2003 DNS server. 

Most Windows system administrators 
are used to working in a 
GUI-driven environment. The more 
proficient administrators have at 
least passing familiarity with the 
command line. However, using the 
recommended command 

dnscmd /Config /RPCProtocol 0 

results in a DNS server that is 
unmanageable via either GUI or the 
DNSCMD utility. Attempting to connect 
to the system either remotely 
or from the local console with the 
dnsmgmt.msc console will fail, and 
executing the dnscmd.exe utility to 
connect to the server results in an 
error 1722 (RPC server not available). 
Although this configuration 
might be desirable in a very locked 
down environment, there needed to 
be a qualifying note included in the 
article explaining this effect, such as 
a suggestion that the configuration 
be set via a script so that it can be 
quickly reversed if system changes 
are desired without having to resort 
to BIND-like editing of the zone or 
other configuration files. 

It should also be noted that running 

dnscmd /ZoneAdd . /Primary 

will result in the server being unable 
to resolve any host that is not listed in 
a zone for which the server is authoritative 
or hosts as a secondary zone, 
or that is explicitly listed in the 
%windir%\system32\drivers\etc\hosts file. 
Although this might be obvious to 
a more seasoned Windows administrator, 
I suspect there are a large 
number of Windows admins who 
read your magazine who might not 
be immediately aware of the effect of 
being "root" from a DNS perspective. 

—Levi Spears 
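
One way to script the lockdown so it can be reversed, as the letter above suggests. This is an added PowerShell example, not code from the letter or from the original article. It assumes the setting is stored as the RpcProtocol value under the DNS service's Parameters registry key and is re-read when the DNS service restarts; the backup path is hypothetical.

```powershell
# Added example: reversible wrapper around "dnscmd /Config /RPCProtocol 0".
# Assumptions: the registry key/value names below, and that the DNS service
# re-reads the value on restart. Verify both on a test server first.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Lock', 'Unlock')]
    [string]$Action
)

$ErrorActionPreference = 'Stop'
$Key    = 'HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Backup = 'C:\Admin\dns-parameters-before-lock.reg'   # hypothetical path

function Invoke-Native {
    # Run a native tool and stop the script if it reports failure.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

switch ($Action) {
    'Lock' {
        if (Test-Path $Backup) {
            throw "Backup $Backup already exists; run Unlock first."
        }
        # Save the pre-lock state while the server can still be managed.
        Invoke-Native reg.exe @('export', $Key, $Backup)
        Invoke-Native dnscmd.exe @('/Config', '/RPCProtocol', '0')
        Restart-Service -Name DNS
    }
    'Unlock' {
        if (-not (Test-Path $Backup)) {
            throw "No backup at $Backup; nothing to restore."
        }
        # dnscmd and dnsmgmt.msc cannot reach the server at this point
        # (error 1722), so the change is undone in the registry instead.
        Invoke-Native reg.exe @('delete', $Key, '/v', 'RpcProtocol', '/f')
        # Re-applies every value in the key as it was at lock time,
        # including RpcProtocol if it was set explicitly before.
        Invoke-Native reg.exe @('import', $Backup)
        Restart-Service -Name DNS
        # Confirm RPC management answers again before discarding the backup.
        Invoke-Native dnscmd.exe @('/Info')
        Remove-Item $Backup
    }
}
```

Run it from an elevated console on the DNS server itself, since remote management is exactly what the Lock action turns off.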

Postini Pricing 

I read the Buyer's Guide 
"Antispam Solutions for Business" 
(January 2007, InstantDoc ID 94326), and I 
think it's a little misleading to list 
Postini's Perimeter Manager 
Enterprise Edition 
as costing $43,000 for two years and 
up to 1,000 users. You can purchase 
the Perimeter Manager solution for 
a small to medium-sized business: 
I've got a contract for 150 users and 
it costs me less than $5,000 a year. I 
believe Postini's pricing is competitive, 
but a $43,000 price tag in a table 
where the pricing for other products 
is listed at $2 per month can be 
misunderstood pretty easily. 

—Andy Ognenoff 

Upgrading to Vista 

I read Karen Forster's IT Pro Perspective 
article "The Value of Vista, 
Office, and Exchange" (January 2007, 
InstantDoc ID 94455) and wanted to 
respond to her question about plans 
to upgrade. I'm the director of a five-person 
IT department that supports 
a 500-user, 20-location company. 
Because our organization replaced 
80 percent of our desktops with thin 
clients, we don't have a large base of 
Windows XP workstations. Our largest 
XP installed base is our mobile 
laptop users. Our focus has been and 
will continue to be the enterprise 
applications that we use to run the 
business. We will continue to keep 
our data in the datacenter and host 
our applications on the network. We 
will keep using VPN and Terminal 
Services to provide internal and 
external access to applications and 
data. 

In the past, there was a huge need 
to upgrade Windows at the desktop 
because it was missing 
things or was buggy. I 
really don't see that now. 
XP is secure, reliable, 
and plug-and-play. 

After upgrading to Vista, 
users will still need to 
purchase third-party 
products for everything 
they purchased 
third-party products 
for in the past. Like 
XP, Vista won't provide 
the tools users 
are going to need: They'll 
still need access to enterprise apps, 
an office suite, and everything else. 
Vista is just the OS. I know Microsoft 
claims that Vista will cost less to 
maintain, but even Microsoft admits 
that it's a small margin. I expect the 
savings would disappear if end-user 
and IT training were included, not to 
mention the cost of porting the odd 
apps to the new OS. By the time that 
margin of cost reduction pays for 
itself, it will be time to move to the 
next OS. We'll be replacing XP only 
as part of the hardware replacement 
cycle. 

I don't mean to sound negative. 
Microsoft has done a great job 
on Vista and deserves credit for 
where business computing is today. 
Home users will probably be totally 
impressed with the new look and 
feel. But business goals are well 
beyond finding a good desktop OS. I 
think Microsoft knows this, and that's 
why it's offering an ever-increasing 
line of application servers and 
packing capabilities such as VoIP in 
the next release of Exchange. I'll be 
interested in the new and improved 
Terminal Services capabilities in 
Longhorn Server, but Vista isn't much 
more than a blip on my radar. 
—Nate McAlmond 
InstantDoc ID 95154 



EDITOR’S NOTE 

Windows IT Pro welcomes 
feedback about the magazine. 
Send comments to 
letters@windowsitpro.com, 
and include your full name, 
email address, and daytime 
phone number. We edit all 
letters and replies for style, 
length, and clarity. 
What You Need to Know About...

2007-2008 Microsoft Windows 
Server Technologies 


The next 2 years are going to bring a series of major
and significant updates to all of Microsoft's Windows
Server products, as well as an exciting series
of new product releases aimed at ensuring that everyone's 
favorite software giant hits every conceivable portion of the 
server software market. However, even the most cynical 
Microsoft customers should be impressed with the sheer 
volume of server technologies the company is planning to 
introduce. So many technologies, in fact, that this article 
can serve only as a cursory overview, and one that I'll try to 
expand on in the coming months. In the meantime, here's 
what Microsoft has up its sleeve. 

Windows Server 2003 
Service Pack 2 

With Windows Server 2003 Service Pack 2 (SP2), due out 
in the first quarter of 2007, there's much less deployment 
pain to fear than there was with SP1, which included major 
new features. Instead, SP2 is a more typical service pack that 
bundles all of the previously released hot fixes and patches 
(including SP1) into a single, easy-to-deploy update. It also 
includes a number of new features, and although some are 
quite interesting, none are major. 

The most important thing you need to know about 
SP2 is that there'll only be one version of this service pack. 
Whether you're running any 32-bit or 64-bit version of 
Windows 2003, Windows Server 2003 Enterprise x64 Edition,
Windows Server 2003 Release 2 (R2), or even Windows
XP x64 Edition, a single SP2 version will update your entire 
system. You won't have a confusing slew of slightly different 
SP2 releases to worry about. 

So what's new? SP2 includes Microsoft Management 
Console (MMC) 3.0, which was introduced in R2 but is 
now available to all Windows 2003 users. It also includes 
the Scalable Networking Pack and Windows Deployment 
Services (WDS) so that Windows 2003 users can deploy 
Vista clients. WDS can be used in three modes: Legacy (in 
which it works like a Microsoft Remote Installation
Services—RIS—server), Mixed (in which you can use both RIS
and WDS tools and technologies), and Native (WDS only). 

Windows 2003 SP2 will initially be made available as 
an optional download, via Microsoft Update, for its first 
three months of availability. After that, it will be deployed 
via Automatic Updates as a critical update, although businesses
will be able to block SP2 for one year. However, after
that year elapses, SP2 will become a mandatory update. 
Windows Home Server

A few years back, I first wrote about Windows Home Server 
(currently code-named "Q" but previously code-named 
"Quattro"), but this highly confidential project has been 
developed under a fog of secrecy that Microsoft has rarely 
been able to sustain. At the Consumer Electronics Show 
(CES) in January 2007, however, the company finally 
announced its plans for a home server. In addition, while 
this product won't have any impact on the majority of businesses,
it looks like a fascinating option for home-based and
very small businesses. 

Windows Home Server is unlike any other Windows 
Server product. It won't support Active Directory (AD) 
domains or any other kind of directory, although Microsoft
did briefly investigate that possibility. Instead, Home
Server will provide a few key pieces of functionality, the 
most intriguing of which is its storage technology. Windows 
Home Server will provide automatic backup for all of the 
PCs in a user's home, and by using a new patent-pending 
Single Instance Store (SIS) technology, it will achieve dramatic
compression results. 17GB to 19GB of data, I'm told,
can be compressed down to 300MB of backups. Microsoft 
will employ an image-based, full-PC backup with incremental
backups thereafter, as well as document and data
backups. 

Storage on the server is handled in an obvious yet 
innovative way. Instead of using drive letters, Windows 
Home Server will aggregate all of your storage into a single 
storage pool, no matter how many drives you add. You 
can hot-add internal and external storage, whether Serial 
ATA (SATA) drives or USB devices, at least on the servers 
that will support this product (standalone Windows Home 
Server software will also be made available, so you will be 
able to install it on your own machines). What's interesting
about this approach to storage is that users can specify
certain data files—such as digital photos—as "important." 
Windows Home Server will ensure that it backs up at least 
two copies of "important" files, one each on two different 
physical drives, increasing the chance that one copy will 
survive in the event of a hardware failure. 

Windows Home Server will also provide remote access 
over the Internet to any connected PC on the network running
XP SP2 and later, including Vista, and to the server
itself, providing the type of functionality one now associates
with solutions like GoToMyPC and LogMeIn.

PC builders such as HP are coming out with innovative 
Windows Home Server hardware, although you can always 
For an in-depth preview
of Windows Home Server,
including a look at its
capabilities for expandable
storage, PC backup,
remote access, and sharing
capabilities, visit Paul
Thurrott's SuperSite for
Windows at http://www 
build your own. Although pricing wasn't available
at the time of this writing, Microsoft
understands that this product must sell to the 
consumer market, so expect the company to be 
aggressive in this area. 

Windows “Cougar”
Small Business Server

Due in early 2008, Windows Cougar, Microsoft's
next major version of Small Business
Server (SBS), will be based on Windows Server
Longhorn, which I cover a bit later. At this
point, Cougar is less well defined than Windows
Home Server. We know that Cougar will
include Longhorn Server, Exchange Server
2007, Windows SharePoint Services 3, System
Center Essentials 2007, SQL Server 2005
Workgroup Edition, and ISA Server 2007. We
know that it will serve the same market that
SBS did—small businesses with 75 or fewer
PCs. We also know that it will include technologies
related to PC and data protection,
remote access, and antivirus/anti-spyware. 
More specific details, however, are unknown. 
Stay tuned. 

Windows “Centro” 
Midmarket Server 

Microsoft's been talking up its midmarket 
server offering, code-named Centro, since 
early 2006, and with the first beta release 
late last year, this product is finally shaping 
up. Unfortunately, because of non-disclosure 
agreement issues, I can't discuss this product 
in detail yet, but if you imagine a multi-server 
version of SBS that works with far more users, 
you're on the right track. I'll write more about 
Centro in the coming months. 

Windows Server Longhorn 

Windows Server Longhorn, or Longhorn 
Server, is shaping up to be the biggest Windows 
Server release since Windows 2000. Like Vista, 
Longhorn Server has been redesigned from the 
ground up in a modular fashion, which has several
benefits. First, a roles-based model makes
Longhorn Server easy to install and manage, 
and features specific to certain functional 
roles aren't installed until an administrator 
decides they're necessary. This functionality 
significantly reduces the server's total attack 
surface. Second, because Longhorn's roles 
understand exactly which dependencies are 
required whenever features are added and
removed, users never have to go back manually,
as they did with Windows 2003's SCW,
and reestablish security. Finally, Longhorn 
Server will be available in a stripped-down 
Windows Server Core version that will provide 
only basic infrastructure services with no GUI 
at all. Enterprises have been asking for this 
feature for years. 

Windows Server Core provides access to 
seven core services—Win2K Server Terminal 
Services, Internet Authentication Service (IAS), 
Microsoft Internet Information Services (IIS) 
7.0, Windows SharePoint Services 3, Windows 
Server Virtualization (see below), printing, 
and media streaming—all via a command-line 
interface, although you're free to use GUI tools 
if you want to control the server remotely. (You 
can also administer Windows Server Core via 
Terminal Services.) Note that because Windows
Server Core doesn't include the .NET
Framework, it can't support certain features in 
this first version. But Microsoft has big plans for 
the next version, which will be bundled with 
Longhorn R2 in 2009. 

The Longhorn Server feature set is so vast 
that I can only hit the high points here. It will 
include the .NET-based Windows PowerShell 
command-line environment for scripting and 
automation. The new Windows Server Manager,
based on MMC 3.0, will provide a friendly
and task-based approach to managing your 
Windows Server's various roles. (And yes, you 
can finally install multiple roles simultaneously.)
The newly rebuilt Windows Firewall
supports bidirectional filtering and is fully 
policy-controlled via Group Policy and AD. 
Longhorn's Web server, IIS 7.0, is built on the 
same roles-based underpinnings as Longhorn 
itself, providing better security and a smaller 
functional footprint. 

As with Vista, Longhorn's TCP/IP networking
stack has been completely rewritten and
now supports almost real-time analysis and 
control of everything that moves through it. 
The stack also includes the ability to fine-tune 
network window sizes on the fly. Previously, 
windows were hard-coded to certain small 
sizes, hindering performance and ease of use. 

To protect the server from attack and reduce 
downtime, Longhorn Server includes a number
of technologies—such as BitLocker Drive
Encryption, Secure Startup, Windows service 
hardening, and the Restart Manager, which 
reduces the need to reboot by 50 percent by 
restarting individual services instead of the full 
system when a patch is installed. In addition,
because of its roles-based approach, Longhorn
Server is always in "shields up" mode, regardless
of the roles you've configured. As roles and
features are added and removed, the server 
ensures that it's always configured for the best 
security, automatically. 

Longhorn Server, finally, includes Network 
Access Protection (NAP), providing businesses 
with a way to quarantine connecting clients 
that don't meet established security baselines. 
While in quarantine, these machines can 
be updated and swept of any malware, then 
allowed into the corporate network. Longhorn 
Server also includes Windows Rights Management
Services (RMS), to provide businesses
with a way to protect sensitive corporate data 
from prying eyes. 

A new feature called Read-Only Domain 
Controller is perfect for branch offices, where 
servers are typically maintained less stringently 
and are more vulnerable to physical theft. With 
a Read-Only Domain Controller, replication is 
unidirectional only, and directory passwords 
aren't stored locally. If the server is stolen, the 
thieves can't get at sensitive corporate data. 

Longhorn Server is on track to ship by the 
end of 2007, Microsoft says. A Beta 3 release 
should be available in February 2007. 

Windows Server 
Virtualization 

Due within 180 days of the release of Longhorn 
Server, Windows Server virtualization will be 
a free add-on for Longhorn Server that dramatically
increases the capabilities and performance
of a virtualized environment running
on Windows Server. Windows Server virtualization
is essentially a hypervisor environment
that runs on Intel or AMD-based hardware,
along with a Windows Server Core-based
Longhorn role that runs in the primary, or parent
partition. Users install and run virtualized
environments in child partitions. 

Windows Server Virtualization will support 
x64 host and guest OSs and is compatible with 
today's Virtual Hard Disk (VHD)-based virtual 
environments, which you might have created in 
Microsoft Virtual PC 2007 or Microsoft Virtual 
Server 2005 R2. In addition, Windows Server 
virtualization will natively support multiple 
processors, functionality that, when combined 
with the memory possibilities on x64 systems, 
will provide dramatic scalability benefits.

InstantDoc ID 94726

Monitor Content Flow and
Automate Compliance 

Code Green Networks announced the Content Inspection Appliance 1500 
(CI-1500) for small-to-midsized businesses (SMBs), which automatically 
identifies, monitors, and protects structured and unstructured content in 
all languages and formats. The CI-1500 can discover data leaks in your 
organization and implement automated policies to prevent them. For example,
if the CI-1500 detects unauthorized transmission of sensitive information,
it invokes management-defined policy to log, alert, block, or reroute
the transmission. The appliance enforces security policies in most TCP 
protocols, including SMTP, FTP, HTTP, and Web mail. 

www.codegreennetworks.com, 408-213-2300


Product Spotlight 

Free, Enterprise-Ready 
Virtualization Alternatives 

Server virtualization is a hot technology. Giving one physical server 
the ability to handle multiple workloads is an exciting capability, and 
one that has the potential to dramatically reduce the costs of computing.
But what about the price tags that today’s top providers of virtualization
technologies carry? How can you dive into this growing market
if your financial resources are limited? 

Enter Virtual Iron 3.1, from Virtual Iron Software. I spoke with Mike 
Grandinetti, the company’s chief marketing officer, who was excited 
about Virtual Iron’s pricing structure. 

Virtual Iron Enterprise Edition 3.1, the company’s enterprise-class 
virtualization platform, supports unmodified Windows and Linux systems
and is priced at $499 per socket on a perpetual license basis.
Virtual Iron also makes available free production-ready versions of Virtual
Iron Enterprise Edition 3.1 on its Web site. The first version offers
single-server virtualization and management and supports as many 
as four sockets and unlimited cores. It lets you consolidate Windows 
and Linux virtual servers, run 32- or 64-bit workloads from as many 
as eight CPUs, create and deploy virtual appliances, and template and 
clone virtual servers. The multiserver virtual infrastructure management
version has the same features as the single-server version and
also includes advanced virtualization management and policy-based 
automation capabilities. 

www.virtualiron.com, 978-849-1200 


Examine the Health of 
Group Policy 

SDM Software released its first GPExpert product, 
GPHealth Reporter 1.0, an application that helps you 
analyze how Group Policy is functioning on your 
systems. GPHealth Reporter collects information 
from a variety of sources on a target system and 
presents it to you in a concise format, using red or 
green health status indicators. Potential problems 
that GPHealth Reporter finds are highlighted, and 
you can quickly access targeted guidance for solving
them. Examples of the information GPHealth
Reporter provides include Group Policy processing
time, slow link and loopback status, and other computer
and user details. The software can send information
to a printer, an Excel spreadsheet, or PDF
file. You can download a 10-day trial of GPHealth 
Reporter from the SDM Software Web site. 

www.sdmsoftware.com, 415-670-9302




XenSource Announces 
Family of Virtualization 
Products 

XenSource announced the XenSource XenServer 
product family, which includes XenEnterprise, XenServer,
and XenExpress. All XenServer products
are based on the open-source Xen hypervisor,
a software abstraction layer that lets a physical
server run one or more virtual servers. XenEnterprise
is an enterprise-grade Xen virtualization solution
that supports Windows and Linux OSs and
lets you install and manage guests on the same
server with no imposed limit to concurrent virtual
machines, network storage support, memory, or
resource controls for the CPU. XenServer is a virtualization
platform designed for Windows standard
server environments, and XenExpress is a free, 
production-ready solution that lets you get started 
using Xen virtualization. XenExpress is available as 
a download on XenSource’s Web site. ♦ 

InstantDoc ID 94888

www.xensource.com, 650-798-5900
Exchange Disaster Recovery Tips


You know that someday disaster could strike at your Exchange environment— 
probably at the worst possible time. Regardless of whether your Exchange 
organization is large or small, losing mail services has a big impact on your 
business. These seven tips will help you in designing, planning, testing, and 
implementing an Exchange-specific disaster recovery plan. 


Tip 1: Assess Required Service Levels

Email is a vital function, perhaps never more so than when disaster strikes and mail 
services aren’t available. You need to make sure all email users at all levels of the 
business agree about the response times and service levels needed. Clearly explain to 
users how IT will restore email services in different disaster scenarios. 

Recovery time will depend largely on how long it will take to recover Active Directory 
(AD), the Exchange system, and Exchange databases from backup media. Therefore, 
to gauge response time, first calculate the total amount of time needed to recover a 
complete database and a complete server. Doing so lets you estimate the amount 
of time needed to recover an Information Store (IS) or a complete server in optimum 
circumstances. You’ll then have to build in additional recovery time for more severe 
disasters to accommodate dependencies such as faulty or inoperative network 
infrastructure and other failing services (e.g., SANs, NICs). To shorten recovery time, 
you might also opt to decrease database sizes, which will almost automatically require 
additional databases and storage groups (SGs). Each SG, with a maximum of four per 
server, can have as many as five databases. Because each SG creates its own log 
files, you’ll then want to separate the transaction-log sets on dedicated disks. Spreading 
the storage load in this way can help you recover the databases more quickly. 

Tip 2: Create a Disaster Recovery Information Kit

The kit should include detailed information about server names, passwords, installations,
patch and driver history, configuration history, and licensing information. Also
include in the kit: disk and partition configurations, your Exchange organization name, 
administrative group and routing group names, system state information, and Microsoft 
IIS metabase backups. Store recent backups or printed information about where to 
find other backup media, store installation media, system state backups, and contact 
information about who or what type of IT pro can and will restore what data. If you have 
a SAN, include contact information for your SAN specialist. 

You should also regularly extract AD user information, such as email addresses,
by using a utility such as LDIFDE or CSVDE and add this information to the kit. For 
example, you’d use the following command to export directory objects, including mail 
addresses: 

Ldifde -f C:\export.ldf -v 
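
Added example (not part of the original article): once ldifde has written the export, a short script can reduce it to the mailbox address list the kit needs. This Python code parses LDIF text, including folded lines and base64 ("::") values, and lists each account's primary and secondary SMTP addresses. The sample records, the example.com names, and the function names are constructed for illustration, and the code assumes the export has already been read into a string.

```python
import base64
import csv
import io

# Constructed sample, laid out the way an LDIF export is: records separated by
# blank lines, "attr: value" pairs, "attr:: value" for base64 data, and long
# values folded onto continuation lines that begin with a single space.
DN_NON_ASCII = "CN=J\u00fcrgen Muster,OU=Staff,DC=example,DC=com"
SAMPLE_LDIF = "\n".join([
    "dn: CN=Ann Example,OU=Staff,DC=example,DC=com",
    "changetype: add",
    "objectClass: user",
    "sAMAccountName: aexample",
    "mail: ann.example@example.com",
    "proxyAddresses: SMTP:ann.example@example.com",
    "proxyAddresses: smtp:ann@example.com",
    "proxyAddresses: X500:/o=Example/ou=First Administrative Group/cn=aexample",
    "",
    "dn:: " + base64.b64encode(DN_NON_ASCII.encode("utf-8")).decode("ascii"),
    "changetype: add",
    "objectClass: user",
    "sAMAccountName: jmuster",
    "mail: juergen.muster@exam",
    " ple.com",
    "proxyAddresses: SMTP:juergen.muster@example.com",
    "",
    "dn: CN=Backup Svc,OU=Service,DC=example,DC=com",
    "changetype: add",
    "objectClass: user",
    "sAMAccountName: svc-backup",
    "",
])


def unfold(text):
    """Join folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_records(text):
    """Return one dict per LDIF record: lower-cased attribute name -> list of values."""
    records, current = [], {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):              # LDIF comment line
            continue
        attr, sep, rest = line.partition(":")
        if not sep:                           # e.g. a "-" separator in change records
            continue
        if rest.startswith(":"):              # "attr:: <base64>" carries non-ASCII data
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr.lower(), []).append(value)
    return records


def mail_inventory(ldif_text):
    """List mail-enabled objects with their primary and secondary SMTP addresses."""
    rows = []
    for rec in parse_records(ldif_text):
        smtp = [v[5:] for v in rec.get("proxyaddresses", []) if v[:5].lower() == "smtp:"]
        primary = rec.get("mail", [""])[0]
        if not primary and not smtp:
            continue                          # object has no mail addresses to record
        aliases = sorted({a.lower() for a in smtp} - {primary.lower()})
        rows.append({
            "account": rec.get("samaccountname", [""])[0],
            "primary": primary,
            "aliases": aliases,
            "dn": rec.get("dn", [""])[0],
        })
    return rows


def inventory_csv(ldif_text):
    """Render the inventory as CSV text, ready to print or file in the kit."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["account", "primary", "aliases", "dn"])
    for row in mail_inventory(ldif_text):
        writer.writerow([row["account"], row["primary"], ";".join(row["aliases"]), row["dn"]])
    return out.getvalue()


if __name__ == "__main__":
    print(inventory_csv(SAMPLE_LDIF), end="")
```
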


Tip 3: Back Up the Cluster Quorum Disk 
If you’re using an Exchange cluster, you’ll need to include in your disaster recovery 
plan backing up and restoring the cluster quorum disk as well as the shared disks. 
Without the quorum disk, you won’t have vital cluster-configuration data and more 
important, your cluster will no longer start when disk signatures have changed—for 
example, when you replace disks, use storage-management tools to change the disk 
configuration, or reconfigure the array on a shared bus. To back up the quorum disk, 
you’ll need to perform a full computer backup or a Windows system state backup. 

On Windows NT 4.0 and Windows 2000 pre-Service Pack 3 (SP3), you could use the 
Windows 2000 Resource Kit Cluster Tool (clustool.exe) to back up the configuration of 
the complete cluster, including disk signatures. If the quorum is lost and the
signature of the quorum disk has changed, you can use the Win2K resource kit’s Dumpcfg
utility (dumpcfg.exe) to manually write the signature back to the quorum disk. In Windows
Server 2003, you can use the cluster service and the Windows 2003 Resource Kit
Cluster Server Recovery Utility (clusterrecovery.exe) tool to fix a lost quorum disk. 

Tip 4: Prepare Now; Minimize Stress Later 

Schedule recovery tests to practice recovering your Exchange server. Use test labs 
and the Recovery Storage Group (RSG) to check whether database backups were 
successful. You could, for instance, extract random mailboxes from the RSG by using the 
Exchange Mailbox Merge (ExMerge) utility to check the data and the Exchange Disaster 
Recovery Analyzer (ExDRA) tool to check data integrity. In addition, backups are the only 
way to recover improperly deleted email messages, and with the recent implementation of
the new Federal Rules of Civil Procedure (FRCP), which greatly tighten the rules for storing
corporate email for the purposes of potential lawsuits, it is more important than ever to
have an e-discovery plan that integrates with your backup and recovery plans.

Tip 5: Include AD in Your Recovery Plan 

In many cases, recovering Exchange also means recovering Active Directory (AD). 
Small companies often have only one server for both Exchange and AD, and even 
in very large environments, a minor mistake in AD can have consequences for the 
complete Exchange and AD configuration. Since Exchange Server 2003 and Exchange 
2000 Server rely heavily on AD, make sure you frequently back up your domain 
controller’s (DC’s) system state, which includes AD, the registry, boot files, certificate
services, Microsoft IIS, COM+, and Sysvol information. Perform system-state backups 
at least as often as you back up Exchange. 

Thoroughly check and test your system-state backup and restore capabilities and make 
sure that the NTDS and Sysvol volumes have enough space to perform a complete 
system-state restore. Make sure that your recovery plan includes procedures to restore 
AD both authoritatively and non-authoritatively. 

Tip 6: “Back Up” Your Exchange Expert 

Many organizations have a resident Exchange expert—the one person who fully knows 
the Exchange infrastructure. Your disaster recovery plan should specify who will back 
up and, if necessary, replace your Exchange guru should he or she be unavailable in 
a disaster. Select an employee who will back up the Exchange expert, and make sure 
that employee and the Exchange guru meet regularly—to bring the backup employee 
up to speed on your organization’s Exchange procedures. 

Tip 7: Exchange Troubleshooting Assistant 

The Exchange Troubleshooting Assistant (ExTRA) consists of the following 
three components. 

• Exchange Performance Troubleshooting Analyzer (ExPTA) 

• Exchange Mail Flow Analyzer (ExMFA) 

• Exchange Disaster Recovery Analyzer (ExDRA) 

The Exchange Server Disaster Recovery Analyzer Tool (ExDRA) can help administrators 
troubleshoot Exchange-database-related problems. ExDRA collects configuration data 
and header information from databases and transaction-log files and creates a detailed 
list of database problems and instructions for resolving them. Familiarize yourself with 
ExDRA before a disaster strikes, so that you’ll be adept at using the tool and interpreting 
its information when you’re under pressure during a recovery. You can download the free 
ExDRA tool at http://www.microsoft.com/downloads/details.aspx?familyid=4BDC1D6B-DE34-4F1C-AEBA-FED1256CAF9A&displaylang=en.

When databases won’t mount or you suspect Information Store (IS) problems, run 
ExDRA to find inconsistencies and errors. ExDRA can check dismounted ISs to see 
whether the IS shutdown was clean or dirty. Additionally, ExDRA will tell you which 
eseutil.exe and isinteg.exe commands you need to run to check and repair the
database(s) and transaction-log files. ExDRA will perform for you the checks you’d 
typically do by using these commands: 

isinteg -s ServerName -test allfoldertests

which checks the higher-level IS database-table-structure integrity (replace 
ServerName with the name of your Exchange server), and 

eseutil /g 

which checks the physical database pages. ExDRA will run similar commands for you 
to check IS integrity and database consistency, and will then give suggestions and
examples for fixing the problems. 
Comparative Review


Patch Management Solutions 

See how WSUS stacks up against 2 popular ISV offerings 


Keeping software patched and secure is one of the
biggest ongoing challenges that network administrators
face. Software vendors are constantly playing
catch-up with those who accidentally or purposefully
discover flaws in their products. At the time of this writing, 
Microsoft had released 55 critical patches for Windows XP 
Service Pack 2 (SP2) and 48 patches for Windows Server 
2003 SP1. Patch management software is a valuable tool 
that network administrators can use to automate the software
patching process.

Modern patch management solutions address multiple 
challenges. They must deliver patches from vendor patch 
repositories to vulnerable clients in a robust, efficient, and 
unobtrusive manner. They must provide centralized control 
over the patch approval process and allow removal of problematic
or unnecessary patches. And they must provide
reports listing vulnerabilities, patch success/failure, and 
network summary information. The most flexible patch 
management solutions accommodate a range of network 
topologies, client configurations (e.g., mobile, desktop), and 
bandwidth availabilities. 

I worked with three patch management products 
designed to address the challenges of software patching: 
Microsoft Windows Server Update Services (WSUS) SP1, 
PatchLink Update 6.3, and Shavlik Technologies' Shavlik 
HFNetChkPro Plus 5.8. 


WSUS SP1 

WSUS SP1 is a free product from Microsoft that joins 
together Microsoft's Windows Update patch repository and 
Windows Automatic Updates client into a patch management
system. WSUS lets you approve patches prior to their
deployment. With WSUS, patches can be downloaded from 
Microsoft once, stored locally, and distributed at LAN speed 
to clients. WSUS improves on its predecessor, Microsoft 
Software Update Services (SUS), by distributing patches 
for Microsoft applications such as Office, SQL Server, and 
Exchange in addition to patches for Microsoft OSs. WSUS 
also offers a modest level of reporting. 

WSUS combines an unbeatable price (free) with solid 
patch distribution features. Careful network administrators 
like to test patches in their environment before deploying 
them. In WSUS, after you're satisfied with a patch, you can 
mark it Approved, which allows clients to install the patch. 
WSUS also lets you create Computer Groups, which can be 
used to restrict the scope of patch deployment. For example, 
you can deploy patches to a group of test computers before 
approving them for the rest of the network. Figure 1 shows 
the dialog box for approving patches for Computer Groups. 

By using the lean, Web-based WSUS interface, you can 
approve patches manually or based on a policy. For example, 
an approval policy can automatically approve patches that 
are rated critical by Microsoft or patches that supersede previously
approved patches. WSUS
doesn't download patches until 
they're approved, so no bandwidth 
is wasted on patches that will never 
be deployed. 

WSUS can also conserve bandwidth
and administrative effort by
creating a hierarchy of WSUS servers.
This feature lets you balance
a large client load across multiple
WSUS servers or host patch content
closer to clients.

The WSUS reporting module
provides useful information
about available patches, deployed 
patches, missing patches, and 
deployment failures. But WSUS 
provides only a portion of the 
patch status reporting that the
other products in this review offer.

Summary

WSUS SP1

PROS: Well designed, flexible update targeting,
patches Microsoft applications and OSs, free
CONS: Patches only Microsoft products, limited
reporting, can’t push patches to clients

RATING: ♦♦♦OO
PRICE: Free

RECOMMENDATION: Recommended for organizations
that need a low-cost patch management
system focused on Microsoft products.
CONTACT: Microsoft • http://www.microsoft.com • 425-882-8080

WSUS relies on Group Policy to configure
clients with settings such as which WSUS server
to use, how often to check for updates, and what
to do with new patches. This dependency could
complicate WSUS deployment and troubleshooting.
WSUS also lacks the ability to deal with
rogue computers (i.e., unpatched computers
that aren't configured to use WSUS)—although
the Microsoft Baseline Security Analyzer (MBSA)
could help identify these systems—and
non-Microsoft applications and OSs.
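
The three client settings named above (which server to use, how often to check, and what to do with new patches) map to registry values that the Windows Update Group Policy settings write on each client. The following PowerShell audit is an added example, not code from the original review or from Microsoft; the expected server URL and the two sample clients are constructed, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: audit the Windows Update policy values that Group Policy
# writes on a WSUS client. The registry value names are the standard Windows
# Update policy settings; the server URL and sample objects are constructed.

$WuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusClientPolicy {
    # Read the policy values from the local registry. A missing key or value
    # comes back as $null, which Test-WsusClientPolicy reports as a finding.
    $wu = Get-ItemProperty -Path $WuPolicyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$WuPolicyKey\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        WUServer                  = $wu.WUServer
        WUStatusServer            = $wu.WUStatusServer
        UseWUServer               = $au.UseWUServer
        NoAutoUpdate              = $au.NoAutoUpdate
        AUOptions                 = $au.AUOptions
        DetectionFrequencyEnabled = $au.DetectionFrequencyEnabled
        DetectionFrequency        = $au.DetectionFrequency
    }
}

function Test-WsusClientPolicy {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [Parameter(Mandatory = $true)] [string] $ExpectedServer
    )
    $findings = @()

    # Which WSUS server to use: WUServer only takes effect when UseWUServer is 1.
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1, so the client ignores WUServer'
    }
    if (-not $Policy.WUServer) {
        $findings += 'WUServer is not set'
    }
    elseif ($Policy.WUServer.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
        $findings += "WUServer is '$($Policy.WUServer)', expected '$ExpectedServer'"
    }
    if ($Policy.WUServer -and $Policy.WUStatusServer -ne $Policy.WUServer) {
        $findings += 'WUStatusServer differs from WUServer; status may not reach the WSUS reports'
    }

    # How often to check: DetectionFrequency (hours) applies only when enabled;
    # otherwise the client uses its default interval of 22 hours.
    if ($Policy.DetectionFrequencyEnabled -eq 1) {
        $hours = $Policy.DetectionFrequency
    }
    else {
        $hours = 22
    }

    # What to do with new patches: 2 = notify before download, 3 = download and
    # notify before install, 4 = download and install on a schedule.
    if ($Policy.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: Automatic Updates is disabled'
    }
    elseif ($Policy.AUOptions -ne 4) {
        $findings += "AUOptions is '$($Policy.AUOptions)', not 4 (scheduled install)"
    }

    [pscustomobject]@{
        Computer       = $Policy.Computer
        DetectionHours = $hours
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Constructed sample input: one correctly configured client and one "rogue"
# client that has no WSUS policy at all.
$expected = 'http://wsus.example.test'
$samples = @(
    [pscustomobject]@{
        Computer = 'PC-GOOD'; WUServer = $expected; WUStatusServer = $expected
        UseWUServer = 1; NoAutoUpdate = 0; AUOptions = 4
        DetectionFrequencyEnabled = 1; DetectionFrequency = 4
    },
    [pscustomobject]@{
        Computer = 'PC-ROGUE'; WUServer = $null; WUStatusServer = $null
        UseWUServer = $null; NoAutoUpdate = $null; AUOptions = $null
        DetectionFrequencyEnabled = $null; DetectionFrequency = $null
    }
)

# Evaluate the constructed samples, then the machine the script runs on.
($samples + (Get-WsusClientPolicy)) |
    ForEach-Object { Test-WsusClientPolicy -Policy $_ -ExpectedServer $expected } |
    Format-List
```

PC-GOOD comes back compliant with a 4-hour detection interval; PC-ROGUE is flagged for a missing WUServer, UseWUServer, and AUOptions, which is the state of a client that Group Policy never reached.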

WSUS can’t force patches to clients. Its role 
is to distribute approved patches to clients, 
which download and install them at defined 
intervals. This pull topology might have difficulty
addressing quickly spreading exploits,
such as the Blaster worm, for which you might 
want to push out a patch immediately. 

Overall, I found WSUS to be a capable 
solution that's tightly focused on the challenge 
of keeping Microsoft software patched and 
secure. All-Microsoft shops and smaller enterprises
will love the functionality and the price.

PatchLink Update 6.3 

PatchLink Update 6.3 is an agent-based, multiplatform
patch management product that
provides agents for Novell NetWare, Mac OS X, 
Windows, and several Linux platforms. You use 
policies to configure the agents to periodically 
scan for applicable vulnerabilities. You can 
then schedule deployments of Packages, which 
are patches for one or more vulnerabilities. 
PatchLink Update runs on Windows 2003 
and, like the other products reviewed, can 
store patch deployment data in a SQL Server 
database. PatchLink Update uses SQL Server 
Express if SQL Server isn't available. 

The evaluation copy of PatchLink Update 6.3 came
preinstalled on a VMware virtual
machine (VM). This was a nice touch that 
made evaluating the product easier. 

PatchLink Update uses a patching cycle 
that begins by downloading an XML file from 
PatchLink. This file lists available software 
patches for the supported software. You then 
use the Web-based administrator console to 
schedule or manually initiate scans for vulnerabilities.
Based on the results of the vulnerability
scan, PatchLink Update distributes patch
deployments to agents. The patches can be 
prestaged on the server or downloaded from 
software vendor Web sites immediately prior 
to their deployment. PatchLink Update also 
can roll back patches after they're installed. 

PatchLink Update can accommodate a 
variety of network topologies by using distribution
points. This lets you locate patch content
closer to clients or load-balance clients across 
multiple distribution points. PatchLink Update 
recognizes and patches vulnerabilities in the 
supported OSs, Microsoft server and desktop 
applications, and other popular applications 
such as Adobe Acrobat and Flash, Mozilla 
Firefox, Apple QuickTime, and WinZip. 

In addition to collecting vulnerability 
information, PatchLink Update performs an 
inventory of hardware, services, and installed 
software. The Web-based interface displays the 
inventory organized in several ways and with 
several summary levels (as Figure 2 shows), and 
this data can be exported in CSV, XLS, and XML
formats. Neither of the other products in this 
review collected such inventory information. 

PatchLink Update is also the only product
reviewed that includes an interface for creating
system users and assigning role-based permissions.
For example, you can give an administrator
read-only access to PatchLink Update's
inventory data (the Guest role) or full access to
a subset of the managed computers.

Summary

PatchLink Update 6.3

PROS: Flexible permissions assignment model,
support for distribution points, good reporting,
cross-platform support
CONS: Complicated agent install, especially
for Linux clients; expensive for UNIX and
NetWare clients

RATING:

PRICE: $1,495 for a server license, plus $18 per
node per year for Windows clients, $75 per
node per year for UNIX and NetWare clients,
and $33 per node per year for Mac OS X
clients

RECOMMENDATION: Recommended for organizations
that need multiplatform patch management,
flexible administration interface permissions,
and complete reporting. Its flexibility
makes it my pick for Editor’s Choice.

CONTACT: PatchLink • http://www.patchlink.com • 480-970-1025

Even if you've scheduled regular vulnerability
scans, PatchLink Update lets you force
a vulnerability scan. That way, when a major
software vulnerability is discovered, you can
use an on-demand scan to more quickly identify
and deploy the needed patch.

The PatchLink Update report module is 
configured with several useful reports. Included 
are reports (mentioned above) on hardware, 
software, and service inventory along with
the usual reports on missing and deployed
patches. One particularly useful report is the
Vulnerability Analysis Report, which summarizes
several critical metrics relating to specific
unpatched vulnerabilities. All report data can
be exported in CSV, XLS, and XML formats.

The PatchLink Update agent proved tricky
to install on the Linux Fedora Core 4 client
that I included in my testing. The agent
requires the Sun Microsystems Java Runtime
Environment rather than the GNU Java Runtime
Environment packaged with Fedora. This
could complicate agent deployment in some
environments.

To prevent unauthorized connections 
to the server, the PatchLink Update agent 
requires you to enter the server license key 
during installation. Windows installs can use a 
customized .msi file to automate this step, but 
it seems unnecessary to require a license key 
for a software patching agent. 

Overall, I found PatchLink Update to be 
a capable solution worthy of consideration 
for multiplatform enterprises. In fact, it's my 
pick as the Editor's Choice product. Its flexible 
agent software and full set of features will keep 
a wide variety of enterprise networks patched 
and secure. 


Shavlik HFNetChkPro Plus 5.8

Shavlik HFNetChkPro Plus 5.8 incorporates a
unique combination of push and pull topology
choices. The push component uses the
Windows Remote Registry service and Microsoft
Server Message Block/Common Internet
File System (SMB/CIFS) communication from
the Console (Shavlik's term for the patch
management server) to initiate vulnerability
scans on clients. The pull component uses a
client agent to initiate communication with the
Console. HFNetChkPro Plus supports Microsoft
OSs only, but it can provide patches for
major Microsoft applications and some
non-Microsoft apps, including Adobe Acrobat and
Flash and Mozilla Firefox. A separate product,
Shavlik HFNetChkPro for Solaris, supports the
Sun UNIX OS.

The HFNetChkPro Plus installer makes setup
easy by downloading and installing the prerequisite
Windows components, which might not
be present on a clean server install. Like the
other products in this review, HFNetChkPro
Plus supports multiple distribution servers and
lets you customize which patches are deployed
in response to scan results. For example, you
can create a Patch Scan Template to define
which patches to look for and a Deployment
Template to define how and when missing
patches are deployed, how much bandwidth
to use, and when client reboots can be tolerated.
Like PatchLink Update, HFNetChkPro
Plus can combine scheduled patch scans with
on-demand scans for a flexible posture in
responding to patching needs. HFNetChkPro
Plus lets you uninstall patches but only in the
reverse order of deployment.

Summary

Shavlik HFNetChkPro Plus 5.8

PROS: Flexible combination of push and pull
updating, easy deployment, usable interface
and well-rounded feature set, helpful reports
CONS: Console isn’t Web based, inflexible client
configuration

RATING: ♦♦♦♦O
PRICE: $38 per seat

RECOMMENDATION: Recommended for organizations
that need flexible Windows platform
patch management, easy deployment, and
solid reporting.

CONTACT: Shavlik Technologies • http://www.shavlik.com • 800-690-6911

HFNetChkPro Plus works without an agent
on most clients, which should make installation
easier but might mean extra configuration
on some clients. You might need to configure
an XP client's Windows Firewall and Remote
Registry service to accept connections from the
Console.

With HFNetChkPro Plus, all clients that 
report to the same Console must use the 
same configuration settings. (Shavlik plans 
to resolve this in an upcoming minor version 
release.) Both WSUS and PatchLink Update 
have greater flexibility in this area and can 
accommodate multiple client configurations 
per server to better match network topology 
and client needs. 

Because of its push topology, HFNetChkPro
Plus can manage computers that might
otherwise be outside your control. HFNetChkPro
Plus's built-in IP Range Scan facilitates a
comprehensive network scan that finds any
client computers to which you have administrator
access. On mobile computers, firewalled
computers, and other difficult cases, you can
install the HFNetChkPro Plus agent. The agent
supports push installation as well as local
installation from CD-ROM or USB flash drive,
so no independent software distribution
infrastructure is needed.

The HFNetChkPro Plus admin interface
is a standalone .exe file rather than a Web
interface. Also, some scheduled tasks on the
Console server execute inside a command
prompt window. Together, these minor points
cause HFNetChkPro Plus to feel like a desktop
application rather than a service.

HFNetChkPro Plus's prepackaged reports
are well done and include a few helpful analysis
reports, including the Top 10 Vulnerable
Machines and Top 10 Missing Patches, which
Figure 3 shows. Reports such as this
help you quickly get a handle on
the most serious threats to network
health.

Figure 3: HFNetChkPro Plus Executive Summary report

HFNetChkPro Plus also has an
optional, extra-cost antispyware add-on
that was in development at the
time of this review.

Overall, I found Shavlik HFNetChkPro
Plus a well-rounded patch management
product that addresses many
of the software patching challenges
facing modern enterprises.

Table 1: Feature Summary

Feature                              WSUS SP1   PatchLink Update 6.3   Shavlik HFNetChkPro Plus 5.8
Microsoft OS patching                Yes        Yes                    Yes
Microsoft application patching       Yes        Yes                    Yes
Non-Microsoft application patching   No         Yes                    Yes
Agent required                       Yes        Yes                    No
Web-based management interface       Yes        Yes                    No
Reporting                            Limited    Yes                    Yes
Multiplatform                        No         Yes                    No
Spyware remediation                  No         No                     Yes*

* Requires add-on product

Conclusion 

All three of the reviewed products provide
significant benefits for the overworked
system administrator. They all
deliver the core functionality of modern patch
management solutions: patch approval, patch
delivery, and reporting. And most importantly,
all three products were successful in delivering
and applying patches in my test lab environment.
Beyond this core functionality, the three
products have significant differences.


WSUS provides the base level of functionality
that administrators need to control the
Windows Automatic Update client and save 
bandwidth. Its spartan reporting provides 
usable information about the status of patch 
deployment and it can accommodate a variety 
of network topologies. 

HFNetChkPro Plus adds several useful
features to the expected core patching functionality.
I was impressed with the smart
combination of push and pull models for patch
management, and the management interface
was easy to use, although I would have preferred
a Web-based interface.

PatchLink Update also adds several useful 
features to the core patching functionality. It 
offers agents for multiple platforms, hardware 
and software inventory collection, and useful 
summary and analysis reports that can be 
easily exported. PatchLink Update also has 
the most flexible access control model for 
administrators. Because of its solid functionality
in the multiplatform enterprise and its
useful features, PatchLink Update is my pick
for Editor's Choice.
Review




System Center Essentials 2007 Beta 2 

The beta’s not perfect, but this unified management solution shows promise for SMBs 


You’ve probably heard about Microsoft Operations Manager
(MOM), which has been renamed System Center Operations
Manager (Ops Manager). If your organization is like most
small-to-midsized businesses (SMBs), however, you probably
realize that these tools offer diminishing returns if you
don’t have the manpower to implement and maintain them
properly, or if the size of your PC and server fleet isn’t
large enough to warrant management by large-scale tools such
as Operations Manager.

That said, a lot of IT shops are caught between the need
for an efficient solution to monitor and manage the
operations of their fleet and the ominous complexity of the
solutions available to date. Enter System Center Essentials
2007 (SCE). Microsoft is targeting SCE to SMBs, touting its
simplified interfaces and processes for managing as many as
15 servers and 500 desktops (as of press time; these numbers
could change). To see how well Microsoft can deliver on this
promise, I took the Beta 2 release of SCE through its paces
in a test environment.

Installation 

Out of the gate, Microsoft creates some reasonably stout
prerequisites for installing SCE. Supported OSs are Windows
Server 2003 Standard and Enterprise Editions, Service Pack 1
(SP1); Windows 2003 R2 Standard and Enterprise; or Small
Business Server 2003 SP1. Additionally, you need Microsoft
Internet Information Services (IIS) 6.0; Background
Intelligent Transfer Service (BITS) 2.0; Microsoft Data
Access Components (MDAC) 2.80.1022.0 or later; Microsoft
.NET Framework 2.0 and .NET Framework 3.0. You need about
3.5GB of free disk space on the C drive for the
installation. I attempted to point the installation of
components to an alternate drive with plenty of free space,
but there was no working around the disk-space check and I
had to make room on my C drive before proceeding with the
installation.

During setup, I was prompted to install Microsoft SQL Server
2005 Express Edition or point to an existing SQL Server
installation for the System Center Database. I chose to
install SQL Server Express. I then had to choose whether I
wanted to store updates for client computers on the server
or let the clients go to the Internet for their updates.
You’ll need to weigh the pros and cons of each option,
considering your available server disk space, number of
clients, and connection to the Internet. I chose to store
the updates on the server and specified the disk location
where updates would be stored. I was then prompted to enter
an account with access to all client systems that would be
used to perform management tasks on client systems. The full
installation, complete with SQL Server Express and database
creation, took about 15 minutes on my dual-core Intel Xeon
2.4GHz server.

Configuration 

Before you can start to use SCE, you must complete three
configuration tasks. The tasks, which you’ll see the first
time you open the console, rely on wizards to help you
configure SCE product features, computers and devices to be
managed, and settings for Microsoft Update.

The Product Feature wizard prompts you to select SCE’s
parameters. Settings include whether to use a proxy server,
whether to create a Group Policy Object (GPO) for managed
devices, client system remote control, and Agentless
Exception Monitoring. Although you can configure and use SCE
by using local policy, you reap better centralized control
of your environment and will need to jump through fewer
hoops, such as manually opening firewall ports, if you take
advantage of Group Policy. The wizard ran through the
configuration options I specified and completed all steps
successfully.

I then ran the Computer and Device Management configuration
wizard, which performs a discovery of computers and network
devices, lets you select which ones you want to manage, then
performs agent installation on any managed systems you
select. The wizard lets you select either Auto or Advanced
discovery options. I used the Auto option, and my three
Windows XP client systems were discovered in less than a
minute. I selected all three systems for management and the
agent was queued for installation on the systems. All three,
however, failed because they didn’t have Windows Installer
3.1. I downloaded the required version from Microsoft and
installed it on the three XP systems, but I had to go
through the discovery process again to retry the agent
installation. On the next attempt, the agent installation
was again unsuccessful. This time, however, I was directed
to look at the log files to determine the source of the
problem. The logs turned up nothing, but I did refer back to
the system requirements document and noticed my problem:
Although SCE supports a wide array of managed computer OSs,
including Windows 2000 SP4, Windows XP must be updated to at
least SP2 to run. I don’t have a complaint about the
requirement for SP2, but tasks such as deploying SP2 are one
big way in which SCE should be able to help smaller IT
shops.

It would be nice if Microsoft could find a way to help SCE
users automate getting their PC fleet up to snuff as part of
the deployment of this tool rather than saddling potential
customers with the task of manually managing software
prerequisites.

Summary

SCE 2007 Beta 2

PROS: All-in-one management tool for SMBs; leverages Ops
Manager intelligence
CONS: Beta version contained numerous bugs; systems to be
managed must be well updated before they can be brought
under SCE management umbrella

RECOMMENDATION: If you struggle with management of your SMB
fleet of desktops and servers, you owe it to yourself to
give SCE a look.

CONTACT: Microsoft • 800-426-9400 • http://www.microsoft.com

After ensuring that the test clients all met the
requirements, I tried the discovery process one more time.
This time the agent successfully installed on all three of
my test clients.


I then ran the final task, Configure Microsoft Update
Settings. The wizard synchronizes with the Microsoft Update
site and asks if you want to download updates for OSs only
or from a selection of other systems, including SQL Server
and Microsoft Exchange Server. It also prompts you to select
the languages for the updates you want to download and the
categories of updates to automatically download. Finally,
you can choose categories of updates to approve
automatically as they are downloaded or you can choose to
manually approve all updates before they are distributed to
clients. I chose default values for the wizard with the
exception of the last item, telling it that I would manually
approve updates. After the wizard finishes, you select to
synchronize immediately or at a later time. Your first
synchronization can take some time and consume significant
network bandwidth, but you do need to synchronize updates
from Microsoft before the SCE Update Management feature will
work properly.

The SCE Console Interface

The SCE console’s interface, which Figure 1 shows, is fairly
simple and intuitive as compared with other complex
management products. It’s laid out in a columnar format
featuring various panes for displaying information or
choosing actions to perform. Using the View menu, you can
customize to some degree which items are displayed together
to suit your environment. Figure 1 shows the console with
the Computers pane activated and other available items such
as Details, Actions, and Navigation enabled. You can resize
the columns horizontally and change the height of an item or
pane within a column to suit your preferences. To enter a
specific area of SCE, you choose the appropriate selection
from the Actions item in the lower left of the console or
from the Go menu. The choices are Computers, Monitoring,
Updates, Software, Reporting, Authoring, and Administration.

Computers. In the Computers pane, you can view inventory and
launch a wide array of diagnostic and maintenance operations
on a system. Figure 1 shows some of the possible actions you
can perform on the selected managed system.

Monitoring Systems and Network Devices. Microsoft has
included some great MOM and Ops Manager functionality to
simplify monitoring systems and network devices. I don’t
have the space here to even scratch the surface of the
monitoring functionality available for Windows OSs and
Microsoft applications. Monitoring capabilities for most
anything you would want to monitor on your desktops plus the
majority of mainstream Microsoft server applications are
included in SCE. You can author a monitor for a specific
service and even develop detailed custom availability
monitoring for a Web application. I also tested monitoring
for a couple of SNMP-managed devices on my network. For
generic network devices, SCE collects uptime information
taken from ping contact, but you can import management packs
to expose additional capabilities for supported hardware. I
imported the Microsoft.SystemCenter.CiscoDevice.Library.mp
file from the SCE 2007 installation media and was presented
with additional monitoring information for the Cisco switch
on my network.
Deploying Software Updates. One big benefit of SCE is that
it has tools for deploying and reporting about software
updates from Microsoft. The features in SCE’s robust updates
management technology make it very easy to synchronize,
approve, deploy, and report on updates and patches.

You can also use SCE to deploy updates and patches to
third-party software installed in your environment. The
distribution of non-Microsoft updates is very similar to the
process of distributing software.

Distributing Software. You can use SCE to deploy software
from .exe files, .msi files, and exe-wrapped .msi files. Its
capabilities for software deployment, however, are nowhere
near as comprehensive as that of Systems Management Server
(SMS) or other enterprise-class software distribution tools.

SCE has no repackaging or scripting capabilities to
customize a deployment beyond what is provided by the
software manufacturer. On the upside, SCE quickly and easily
pushes out standard packages. However, during my testing,
the SCE console crashed the first couple of times I tried to
deploy Windows Defender. After I cleared the Include all
files and sub-folders in this location checkbox, I was able
to create and deploy packages without a problem.

Reporting. You’ll find two user-configurable reports:
Availability and Configuration Changes. I presume more
reporting options will be available in the final release. I
saw many context-specific reporting options that appeared
throughout the interface, but they weren’t enabled in the
Beta 2 build that I tested.

Authoring and Administration. As I mentioned in the
Monitoring section, the Authoring pane is where you can add
monitoring for OLE DB data sources, TCP ports, a Web
application, or a Windows service to achieve customized
monitoring capabilities for an application or service in
your environment.

The Administration pane lets you configure settings for how
SCE will operate in your environment. These settings include
device management, security, notifications, and general
operational parameters. This is also where you go to import
and manage management packs.

First Impressions: Fix Bugs, Start a Revolution

Overall, I think SCE will catch on for many SMBs. It boasts
a wealth of worthwhile features in a concise, easy-to-use
interface. Unfortunately, the beta version I tested still
had too many bugs to give it an official stamp of approval.
For example, the console crashed on me numerous times during
testing. I’m sure Microsoft will work diligently to make SCE
stable and robust. Then, SCE will be poised to start a small
revolution in IT systems management, at least for SMBs.
-Ed Roth
InstantDoc ID 94762
Paul’s Picks

Summaries of in-depth product reviews on Paul Thurrott’s
SuperSite for Windows
http://www.winsupersite.com

Microsoft Office 2007 

PROS: Major UI revamp; functionality that
was previously hidden is now easier to find
CONS: Not all applications have been
updated to new UI; training costs are
unknown

RECOMMENDATION: Microsoft Office 2007
System is a revolutionary upgrade,
especially the four applications that have
been completely redone with new UIs: Word,
Excel, Access, and PowerPoint. Overall, I
suspect that the new Office 2007 UI will
be of most benefit to inexperienced users
and, not coincidentally, those with the most
Office experience will face some retraining.
The effort will be worthwhile: Office 2007
is the first must-have Office upgrade since
Office 95 debuted more than a decade ago.
CONTACT: Microsoft • 800-426-9400 •
http://www.microsoft.com
FULL REVIEW: http://www.winsupersite.com/reviews/office2007_beta2.asp

Mozilla Firefox 2

PROS: Secure and highly functional Web browser is a viable alternative to Internet Explorer (IE) 7.0
CONS: New features are mostly minor; anti-phishing filter doesn’t seem very sophisticated

RECOMMENDATION: Mozilla Firefox 2 is a minor upgrade to an amazing product, but it comes across as somewhat lackluster because previous versions were so revolutionary. This time around, we get a number of small improvements, most of which could have easily been added to Firefox 1.5 via the browser’s elegant Extensions system. Don’t get me wrong: Firefox 2 is still Firefox, so it’s a tremendous product. It’s just that the latest version isn’t a substantial upgrade and might be less interesting to businesses nervous about the costs of upgrading.
CONTACT: Mozilla Corporation • http://www.mozilla.com
FULL REVIEW: http://www.winsupersite.com/reviews/firefox2.asp
Summary

E-Trail Digital Archive

PROS: Easily archives a variety of different electronic communication formats into one source
CONS: Expensive solution; installation is fragmented
RATING: ♦♦♦♦O
PRICE: Starts at $8,000
RECOMMENDATION: Useful for large organizations with compliance requirements, but not cost-effective for smaller organizations.
CONTACT: Lighthouse Global Technologies • 800-930-4079 • http://www.lighthousegt.com • info@lighthousegt.com
E-Trail Digital Archive

E-Trail Digital Archive from Lighthouse Global Technologies lets corporations store multiple forms of electronic communication, such as email and instant messages, in a relational database system. E-Trail Digital Archive data can be stored in Microsoft SQL Server, Oracle, MySQL, and other databases; the installation disk provides a copy of MySQL.

Installing the product was more complicated than I expected. The basic setup was fairly straightforward and requested configuration information such as the database in which I wanted to store my archive data. However, the installation runs from a .bat file, a procedure that was not as smooth as I would have liked. I also had to create and populate the database from a command shell instead of through the installation wizard.

E-Trail Digital Archive provides a variety of modules so that corporations can customize the solution to best fit their needs. I installed E-Trail Check Services, which manages the Windows services that E-Trail Digital Archive uses, and the E-Trail Digital Archive PST Importer, which allows for searching and archiving of existing email files such as .pst, .eml, .mbox, and Maildir files. I also installed the E-Trail Digital Archive Outlook Add-In, which integrates with Microsoft Office Outlook, allowing Outlook users to access E-Trail Digital Archive without having to go through the Web-based interface.

Overall, the installation was too segregated and command-line oriented for an enterprise solution. 
The installation process would be much simpler if Lighthouse Global Technologies were to combine 
all of these modules into a single installation wizard with modules made available on the basis of the 
license key. 

After installation, I used the E-Trail Digital Archive PST Importer to import email data from a 
backup PST. The import took a few minutes, then I was able to test the administration Web interface. 
I generated a new search query from the Run Query page to traverse the archive database. I saved 
the query, which exported the settings to an XML file, then submitted the query. I was able to view 
the query progress in the Query Admin section. 

The Results page displays completed queries. Clicking the query name reveals the messages that 
the query found. The returned data can be viewed directly from the interface or downloaded to a 
file. Overall, the administration Web interface is straightforward and easy to use. However, I thought 
there were too many instances in which new windows would appear when a selection was made; 
keeping all the windows inside a common window frame would be more efficient for the user. 

E-Trail Digital Archive is built on a Java platform and uses an open-source database, MySQL, for default storage. Although this setup might be appealing to administrators who don’t use Microsoft products, the administrative burden of integrating this product into a Microsoft organization might outweigh the benefits of using it. By default, the Apache Tomcat Web server must also be installed with E-Trail Digital Archive. Tomcat works side-by-side with Microsoft IIS, but it adds another Web server to your environment that you must administer. I’m not convinced there is a demand for separate archival products, considering that email clients already have archival capabilities—they might not be as robust, but they will cover most companies’ archival needs.

E-Trail Digital Archive is a useful tool for companies that need electronic archival functionality, 
but the cost is high, starting at $8,000 for an Enterprise License. I’m not certain the benefits of 
this product make it cost-effective for most corporations to adopt. Lighthouse Global Technologies 
addresses cost concerns with E-Trail Digital Archive ASP, which runs as a hosted service. The cost of 
this product is significantly lower, making it an option for smaller companies looking to archive their 
electronic communication. For the full-length version of this review, go to http://www.windowsitpro.com and enter InstantDoc ID 94885.
EventSentry 2.72

NETIKUS.NET’s EventSentry 2.72 is a network-monitoring tool that collects events on monitored computers, filters them according to customizable preferences, and forwards relevant items to the administrator. In addition to collecting event-log data from Windows servers and workstations, EventSentry agents can also monitor disk and processor performance, printing, logons, service state, and installed applications. A Windows event log stores all sorts of information useful to the administrator; it also contains many irrelevant items. EventSentry endeavors to deliver the useful items directly to the administrator at his or her desk. In times of trouble, this information can speed the diagnosis of problems.

An EventSentry agent runs as a service on monitored computers, sending collected data in real time to the management console. EventSentry can use MySQL, Microsoft SQL Server 2005, or SQL Server 2000 databases. Although I found the SQL Server option easier to configure, I appreciated having the choice. The installation and configuration of EventSentry was astoundingly easy. I completed the setup and did some preliminary filtering of unwanted information in just half an hour.

You manage EventSentry through agents, groups, and packages. From the EventSentry management console, I joined computers to groups by using the Active Directory (AD) linking feature. I was then able to deploy the agent automatically from the management console without physically visiting the monitored computers. The management console pushes alerting, health monitoring, and tracking packages to the agents. Depending on which packages are associated with a monitored computer, the computer’s agent performs tasks such as polling for disk space information or sending an email notification if a particular event occurs. EventSentry provides some preconfigured packages suitable for event tracking of common applications such as Microsoft Exchange Server and antivirus software. If critical services are halted, the administrator receives an email notification, page, or network message.

EventSentry also performs basic network monitoring, allowing the administrator to check node connectivity via Internet Control Message Protocol (ICMP) pings or custom TCP port pings. It is also capable of capturing syslog events from UNIX, Cisco, and other syslog-capable devices. With additional hardware available from NETIKUS.NET, EventSentry can monitor a server’s physical environment for temperature, humidity, and smoke.

EventSentry notified me by email of a problem in my test network. I opened up the EventSentry management application to read the alert: Microsoft ISA Server had attempted to take over master browser status of the domain. By following the link in the alert to EventSentry’s online knowledge base, MyEventLog.com, I determined that ISA Server wasn’t properly filtering incoming AD messages. I like this feature, but I wish the link to MyEventLog.com were in the email message so I wouldn’t have to open the EventSentry application.

The application documentation isn’t particularly strong. The EventSentry Quickstart Guide, available online, doesn’t include step-by-step installation and configuration instructions, which is what I expect from such a document. There are typos and grammatical errors on the Web page and within the Help file, which weakens my confidence in the information.

Although I found EventSentry to be a good product overall, I had a few problems with it. Some parts of the interface require more clicks than I thought should be necessary; it isn’t always clear whether a button is depressed or not, such as when I was configuring the date and time settings for when notifications should be sent; and the reporting Web page doesn’t auto refresh. These are minor issues to which a user could adapt.

However, I would not recommend EventSentry to large organizations because of a fundamental architectural problem: The management console can be run only locally and can run only a single instance at a time. As a result, multiple users can’t access the management console simultaneously. (By comparison, Microsoft Operations Manager—MOM—2005 has a complex architecture designed for delegation of responsibility to varying teams.) With EventSentry, a single computer is the focus of monitoring.

I was pleased with EventSentry’s easy setup and configuration and found the monitoring capabilities adequate for the needs of smaller and less complex organizations. Large IT organizations should give EventSentry a pass and go straight to MOM. However, smaller shops with the need to track some mission-critical services and computers will be pleased with EventSentry’s ease of use and effectiveness.

—Joel B. Barker
InstantDoc ID 94824

EventSentry 2.72

PROS: Simple to install
CONS: Poor documentation; only one management console instance can run at a time
RATING: ♦♦♦OO
PRICE: From one host for $69 to 150 hosts for $23.99 each; contact vendor for pricing for more than 150 hosts
RECOMMENDATION: Offers affordable and reliable monitoring to small organizations. Not suitable for large IT departments needing multiple-user capabilities.
CONTACT: NETIKUS.NET • 877-638-4587 • 312-624-7698 • http://www.netikus.net
IT PRO OF THE MONTH

Meet our December 2006 and January and February 2007 winners!

Sponsored by Microsoft

December IT Pro of the Month
Steven Fellwock
Current Position: Senior Server Administrator, Des Moines, Iowa
A WINNING SOLUTION: Active Directory Login Services
To assist in a migration to a Windows network, Steven created an SQL database to hold group memberships and drive mappings from login scripts. An HTML front end lets users request drive mappings, exports the SQL data to an XML file, and replicates the data to all SYSVOLs.

January IT Pro of the Month
Ersin Duma
Current Position: Systems Architect, Istanbul, Turkey
A WINNING SOLUTION: Scripted Business Application
To meet a customer's request, Ersin’s VBScript solution uses FTP to automatically retrieve a customer's payment file, submit the file to the banking system, then make the processed output file available to the customer.

February IT Pro of the Month
Stefan Suesser
Current Position: IT System Analyst, Kerpen, Germany
A WINNING SOLUTION: Systems Management Server Migration Tool
Thanks to the VBScript migration tool Stefan wrote, his company migrated its SMS 2.0 system into a new SMS 2003 installation automatically. The solution allowed the migration to be thoroughly and repeatedly tested in the lab and migrated live systems in minutes without error.

Learn more about Steven, Ersin, and Stefan’s winning solutions at www.windowsitpro.com/itpromonth

Light Database Tools

These solutions make it easy to enter the database realm

Windows IT administrators are typically IT generalists, and as such are responsible for managing a variety of systems and applications. With this responsibility can come the duty of purchasing or maintaining a database product. The good news is that a number of entry-level lightweight database products exist, and they really fill the bill for developers who are learning their way around the database world and Windows administrators who must make product decisions for a small business or a department in a larger organization. Lightweight database products aren't intended for large-scale environments, but they can be great solutions for smaller-scale implementations and one-person operations, and can also meet database-training needs. All the products in this Buyer's Guide, from open-source solutions to Microsoft and Oracle products, can be easily upgraded to the full-featured product line.


Version Variety

Although the number of light database products on the market isn't large, some vendors offer more than one version. For example, both Microsoft SQL Server 2005 Compact Edition and Oracle Database Lite 10g are database products that let you build, test, deploy, and manage applications for mobile devices. These products allow offline data management capabilities to let you access your database and manipulate data while offline. (If the name SQL Server 2005 Compact Edition isn't familiar, that might be because the product was known as SQL Server 2005 Everywhere Edition during its development phase.)

Open Source

Two open-source light database solutions are well accepted and in use in many organizations. MySQL is used by Yahoo!, NASA, and The Associated Press. PostgreSQL is used by a number of large universities, including the University of California at Berkeley and the University of Alabama, Birmingham, as well as in organizations such as Cisco and Sun Microsystems. Open-source database systems number reduced licensing costs and lower hardware expenditures among their benefits.

Windows or Linux?

The OSs that are installed in your environment will affect your choice of light database solution. If you're a Windows shop, you can choose among all of the solutions listed in the product table on page XX. If you support Windows and Linux or only Linux, you'll need to look at solutions other than SQL Server Express or SQL Server 2005 Compact Edition. The open-source solutions PostgreSQL and MySQL support the greatest number of OSs. If you're a heterogeneous shop, consider those products.

No-Cost Solutions

Microsoft, Oracle, and IBM offer free light database products that are great starter databases to develop, deploy, and distribute. These products include SQL Server 2005 Express Edition, the light version of SQL Server 2005; Database 10g Express Edition, the light version of Database 10g Release 2; and IBM DB2 Express-C, the light version of IBM DB2. There are appreciable differences between these three products. For example, DB2 Express-C, unlike the Oracle and Microsoft solutions, places no restrictions on database size. In addition, there are no restrictions to the number of instances or databases per server, and no restriction on the number of users with DB2 Express-C. If supporting user data types is important, you'll need to consider SQL Server Express—Database 10g Express Edition doesn't support user data types.

When evaluating the free solutions, look at their built-in development tools—the functions and capabilities for each product differ. Data protection is always a concern, so evaluate each solution's data protection features. SQL Server Express, for example, has three levels of code-access security: Safe, External Access, and Unsafe. All three of the free solutions are available for download on the vendors' Web sites.

Database Features

A variety of database functions will come into play as you evaluate solutions. If you want a product that supports user-defined functions, triggers, user-data types, or stored procedures, use the product table to identify which of those functions each product supports. Although most vendors support database functions, a few do not. Another important factor is database maximum size. The proprietary solutions, such as SQL Server Express, SQL Server 2005 Compact Edition, Database 10g Express Edition, and Database Lite 10g, let you create databases as large as 4GB. However, DB2 Express-C, PostgreSQL, and MySQL impose no limits on database size.

InstantDoc ID 95091

Blake Eno (beno@windowsitpro.com) is a product editor for Windows IT Pro and SQL Server Magazine.
Buyer’s Guide | Light Database Tools

| Company | Product | Licensing | Maximum Size of Database | Limitations to RAM, Active Processes, and Instances | Uses the Same Code as the Base Product Family | Built-in Development Tools |
|---|---|---|---|---|---|---|
| IBM • 800-426-4968 • http://www.ibm.com | DB2 Express-C | Free | Unlimited | 4GB of RAM per 2 CPUs; no limitations on processes or instances | Yes | Yes |
| IBM | DB2 Express 9 | $4,874 per CPU or $165 per user (5-user minimum) | Unlimited | 16GB of RAM per 4 CPUs; no limitations on processes or instances | Yes | Yes |
| Microsoft • 800-642-7676 • http://www.microsoft.com | SQL Server 2005 Express Edition | Free to obtain and use; royalty-free redistribution (registration required) | 4GB | 1GB of RAM | Yes | Yes; users can use SQL Server Management Studio to program a SQL Server Express Edition database. Alternatively, developers can use Microsoft Visual Studio 2005 and the .NET Framework to build custom functions. |
| Microsoft | SQL Server 2005 Compact Edition | Free to download, develop, and deploy applications; free for third-party redistribution | 4GB | Unlimited | Yes | Yes; users can use SQL Server Management Studio to program a SQL Server Compact Edition database. Alternatively, developers can use Microsoft Visual Studio 2005 and the .NET Framework to build custom functions. |
| MySQL AB • 208-514-4780 • 866-697-7522 • http://www.mysql.com | MySQL 5.0 - includes both MySQL Enterprise and MySQL Community Server Editions | Open Source GPL and commercial licenses | Unlimited | None | Yes | Yes |
| Oracle • 800-223-1711 • http://www.oracle.com | Oracle Database Lite 10g | Per CPU | 4GB | None | No | Yes |
| Oracle | Oracle Database 10g Express Edition | Free | 4GB | Single instance only on any server; executes only on one processor per server, but may be installed on a multiple-CPU server; will use only up to 1GB of RAM of available memory | Yes | Includes Application Express, a Web-based development and deployment tool; includes complete integrated set of Oracle Database programming interfaces, including SQL, PL/SQL, Java, C, PHP, Microsoft .NET, Oracle Application Express, C++, ODBC, OLE DB. |
| PostgreSQL Global Development Group • http://www.postgresql.org | PostgreSQL 8.2 | BSD license | Unlimited | Unlimited | Yes | Development libraries and documentation are included |
Special Advertising Supplement

Despite the rapid advances in microprocessor technology and performance, there are always application and business environments that need more processing power and capability. At the other end of the spectrum there are small server workloads that can be virtualized and consolidated.

For both these environments, Microsoft provides the Windows Server 2003 R2 Datacenter Edition. Designed for the enterprise-computing environment, Datacenter Edition delivers on the enterprise-class reliability, scalability, and large-scale virtualization needs of the Windows Server corporate user. Historically, Datacenter Edition customers have been looking for a platform for their large-scale applications, but now they are also lowering their license costs by using Datacenter Edition for large-scale virtualization on small servers. With Datacenter Edition’s licensing changes that took effect October 1, 2006, the potential of unlimited virtualization rights gets added to the mix and Datacenter Edition is now available through Volume Licensing. Simply put, Datacenter Edition is the most powerful and flexible version of Windows Server.

Consider the issue of scalability; what was once a highly complex and difficult to deploy symmetric multi-processing environment is on the verge of becoming commonplace. As databases grow and Line of Business applications require capacity for large transaction volume and simultaneous users, implementing and deploying 8-way or larger servers is no longer the very limited and specialized niche it once was.

IT departments are turning to Datacenter on large servers to scale up the Windows-based line of business applications and databases to fit growing business needs, as well as migrate workloads from mainframes and Unix. But Datacenter Edition’s advantages aren’t limited to huge servers designed to replace mainframes and large Unix installations. Datacenter Edition’s unlimited virtualization capability, combined with the per-processor (not per-core like many other software companies) licensing model, makes it the perfect operating system to take advantage of the power of current and future multi-core, multiprocessor server hardware. The introduction of quad-core processors from AMD and Intel has made large-scale virtualization on small servers with Datacenter Edition very cost-effective.


Datacenter Edition has Lowest TCO

With the Standard and Enterprise Editions of Windows Server 2003 R2, users are limited to 4- and 8-processor support, respectively. With Datacenter Edition, you get the ability to scale to as many as 64 processors (in the 64-bit version of the software) or 32 processors (with 32-bit software). With Service Pack 2, Datacenter Edition now supports up to 2 TB of memory (in 64-bit versions; 32-bit is still limited to 128 GB of RAM). Datacenter Edition is available for x86 32-bit architectures and 64-bit x64 and IA64 (Itanium) architectures. With its unlimited virtualization use rights, Datacenter Edition is the most cost-effective edition of Windows Server when the server is running more than 4 virtualized instances of Windows Server per processor.

The virtualization capabilities become a very important part of the Total Cost of Ownership equation. With the Standard Edition of Windows Server, a separate license is required for the host and each virtualized instance; with Enterprise Edition, the license allows for Enterprise Edition to be deployed as the host and up to four virtualized instances of either Standard or Enterprise Edition. But with the Datacenter Edition license you get the flexibility to deploy an unlimited number of virtualized instances of Standard, Enterprise, or Datacenter Editions with Datacenter Edition as the host operating system. These rights apply to all virtualization platforms.

Datacenter Edition also has all of the reliability and availability features that are available in Enterprise Edition, plus the option of the Datacenter High Availability Program for solutions that need the highest levels of availability and reliability. The High Availability Program combines the Datacenter OS, high-quality server configurations that adhere to very stringent requirements, 100% signed drivers, best practices for configuration management and change control, and end-to-end support from the OEM with escalations to Microsoft for faster problem resolution. Due to the configuration, test and support requirements, servers with the Datacenter High Availability Program are only available from qualified OEMs. Complete details on the program can be found at http://www.microsoft.com/windowsserver2003/datacenter/deprogram.mspx

Figure 1: Licensing Cost Breakdown of Virtualization—Example scenarios

| Number of Processors (single server) | Number of Virtual Machines | Standard Edition Licenses Needed and Cost | Enterprise Edition Licenses Needed and Cost | Datacenter Edition Licenses Needed and Cost |
|---|---|---|---|---|
| 1 | 1 | 1 = $719 | 1 = $2,334 | 1 = $2,381 |
| 1 | 4 | 4 = $2,876 | 1 = $2,334 | 1 = $2,381 |
| 1 | 5 | 5 = $3,595 | 2 = $4,668 | 1 = $2,381 |
| 1 | 12 | 12 = $8,628 | 3 = $7,002 | 1 = $2,381 |
| 2 | 16 | 16 = $11,504 | 4 = $9,336 | 2 = $4,762 |
| 4 | 32 | 32 = $23,008 | 8 = $18,672 | 4 = $9,524 |
| 8 | 64 | N/A | 16 = $37,344 | 8 = $19,048 |
| 16 | 128 | N/A | N/A | 16 = $38,096 |


Datacenter Edition is now available directly from Microsoft and resellers on Volume License agreements and can be installed on any 2-way or larger server capable of running Windows Server. It is no longer an OEM-only product. OEMs can now sell Datacenter Edition on any server with as few as two processors and participation in the High Availability Program is now optional. With the unlimited virtualization rights now included in the Datacenter Edition license, users of Enterprise Edition (or even Standard Edition) with virtualization requirements will find that upgrading to Datacenter Edition will often make a great deal of financial sense.

Cost breakdown

Now that Datacenter Edition is easy to purchase through Volume Licensing and from OEMs on any 2-way and 4-way server that can run Windows Server, a breakdown of the license costs will demonstrate that Datacenter Edition is most cost-effective when running more than 4 virtualized instances of Windows Server per processor.

This is due to the difference in the licensing model and pricing. Standard and Enterprise Edition are server-wide licenses, while Datacenter Edition is licensed on a per-processor basis. However, once you begin to factor in the cost of licenses for virtualized instances of the server software, Datacenter Edition becomes less expensive than other editions of Windows Server. As the number of virtualization instances continues to increase, Datacenter Edition becomes significantly less expensive to license, as shown in Figure 1.

In higher-density environments (VMs per processor), the price deltas become even more significant. Using the model of a customer with 10 2-way quad-core servers (16 licensed processors) running only 16 VMs per server (only two VMs per processor core; a fairly light load) you get the following costs under the Open agreement in Volume Licensing:

- Standard Edition would require 160 licenses: $115,040 (1 license per VM)
- Enterprise Edition would require 40 licenses: $95,360 (1 license per 4 VMs)
- Datacenter Edition would require 20 licenses: $47,620 (1 license per processor)

Customers with Microsoft Software Assurance coverage can step up their Standard and Enterprise Edition server licenses to Datacenter Edition processor licenses, so it is possible to preserve the existing investment. To do your own calculations, based on your own needs for servers, both physical and virtualized, you can make use of the Windows Server Virtualization Calculator, which can be found at http://www.microsoft.com/windowsserver2003/howtobuy/licensing/calculator.mspx.

Saving Space, Electricity and License Costs with Server Consolidation

With the cost of physical space, management, powering and cooling servers continuing to rise with the number of servers, many companies are consolidating the number of physical servers through virtualization. Server and application consolidation is the most common consideration. A smaller number of physical servers means that you will reduce the TCO for your server farms. Even if you maintain the same number of server images via virtualization, you no longer have to deal with the issues surrounding physical server hardware (power, rack space, spare parts, maintenance, management) for as large a number of servers. Server consolidation may also mean that you are using a smaller number of larger and more powerful servers to handle the tasks that were previously distributed throughout the enterprise.

For example, the virtualization aspect is also incredibly valuable if you are running your own Web farms. A single server can replace dozens of individual servers, making it possible to reduce the costs of maintaining highly available Web infrastructures by a considerable margin, as the expense of maintaining only one or two servers, versus two or three dozen, especially in a high-reliability environment, makes the initial purchase cost of Datacenter Edition seem almost trivial.

Clearly there will also be large-scale line-of-business applications and single instance applications such as databases and data warehousing that simply need the capacity of large multiprocessor hardware. In these environments the high-availability and reliability features of Datacenter Edition server, as well as the support for large multiprocessor hardware, are essential.


Handling migrations

Big 8-way and larger servers are also exceptionally well suited for the migration from Unix and mainframe workloads. Some major Unix-based applications, such as SAP, can simply be migrated to their Windows server versions, and this is especially appealing if the majority of the corporate computing server environment is already Windows-based, simplifying the management of the formerly Unix-hosted applications. Windows Server has migration tools, such as Subsystem for UNIX-based Applications, and interoperability features to ease the transition and support mixed environments. In the case of scalability, you can grow applications and databases on a large Datacenter Edition server beyond what was possible with Standard or Enterprise Edition as your business needs grow.

It is also important to consider the effect of large-scale virtualization on the management and maintenance costs associated with running large server environments. With virtualization, you can take advantage of Datacenter Edition’s unlimited virtualization rights on 2-way and 4-way servers.

The maintenance advantage of having fewer physical servers is clear; the fewer pieces of hardware that need maintenance contracts and IT support, the smaller the expense. The advantages of consolidated server management are equally important. The requirement to manage a smaller number of physical servers, the simplified management of the servers that have been virtualized, and the ability to create virtualized server images that contain an entire server environment and can be easily backed up and restored all reduce the workload on the server IT staff.



With the new Volume Licensing availability and
virtualization licensing, Windows Server 2003 R2
Datacenter Edition becomes a much more practical
solution for a larger number of Windows Server
environments. Datacenter is the most scalable and
flexible version of Windows Server 2003, able to
grow with a business environment. Unlimited
virtualization means that there is no more
cost-effective edition of Windows Server than Datacenter
for any environment planning on making significant
use of virtualized servers. And the cost advantages in
long-term TCO are significant when compared to
your existing server and application support costs in a
non-virtualized environment.

Visit www.microsoft.com/windowsserver2003/datacenter/dcvalue.mspx for more information.


Register for the Datacenter Edition Web Seminar

Join Microsoft on March 22 for a Web seminar on
Datacenter Edition, presented by David Chernicoff.
Register here: http://www.windowsitpro.com/go/seminars/microsoft/datacenter

















Microsoft Business Intelligence Conference 2007

May 9-11 | Seattle


Join us for the first-ever Microsoft Business Intelligence 
Conference, the inaugural, worldwide event for customers and 
partners. This exciting and informative conference will 
showcase Microsoft's market-leading business intelligence (BI) 
products, solution expertise and customer successes. 

The event will feature a keynote address by Steve Ballmer, CEO 
of Microsoft, and is designed to educate customers and 
partners on every aspect of Microsoft's BI offering. You can 
also expect educational tracks, customer best practices 
sessions, the first-ever Microsoft BI Awards presentation, 
hands-on labs, and much more! 


Attend this 3-day conference to see how Microsoft BI can help 
you drive increased business performance at strategic, tactical 
and organizational levels. You'll learn best practices from 
industry thought leaders and other Microsoft BI customers for 
designing, building and deploying robust BI applications for 
everyone in your organization, while controlling costs. It's one 
of the smartest investments you'll make all year! 

Who Will Benefit From Attending: 

- CIOs, CTOs, and IT Professionals 

- BI Team / Project Leaders 

- Business decision makers 

- Analysts 


For more information and to register visit 

www.microsoftbiconference.com 
System Center Puts DSI into Practice

by Karen Forster
Nobody decides to pursue a career
in IT because they find systems
management fascinating. That's
what a Microsoft Systems Management Server
(SMS) MVP recently told me. And yet, IT professionals'
highest priority, according to Windows
IT Pro's 2006 Industry Trends survey, is
"managing IT infrastructure," and their biggest 
pain point is "limited budgets and expanding 
responsibilities." Systems management may 
not be sexy, but it nevertheless consumes a 
huge amount of IT energy and effort—not to 
mention 70 percent of IT budgets. 

And Microsoft hasn't failed to note that all
the work of maintaining a functioning infrastructure
not only detracts from IT's ability to
innovate and deploy new technologies but
also presents an opportunity for competitors
to lure IT away from Windows. The company is
sharply focused on the fact that its competitive
advantage hinges on continuously simplifying
and unifying the management experience
throughout the Windows environment (i.e.,
Microsoft OSs and applications such as SQL
Server, Exchange Server, IIS, and Office). The
Dynamic Systems Initiative (DSI) is Microsoft's
companywide strategy to attack the management
problem end to end, from application
development to IT to end users. DSI aims to
unite IT and corporate developers in creating
operationally aware applications that capture IT
knowledge and incorporate health models that
facilitate troubleshooting and maintenance.

A year ago, I talked with Microsoft Corporate
Vice President Kirill Tatarinov about DSI
and his Windows Enterprise Management
Division's (WEMD's) System Center products,
which were being developed with the vision of
bringing DSI to life by enabling self-managing
dynamic systems ("Radically Simplify IT," April
2006, InstantDoc ID 49503). This year, as the
latest versions of System Center products begin
to reach the market, I again spoke with Tatarinov,
as well as System Center General Manager
of Marketing Larry Orecklin, to discuss the
products and how they address your priorities
and pain points.


DSI Progress 

Forster: What would you say are the two most 
important DSI developments in the past year? 

Tatarinov: We worked closely with the industry
to take their feedback and fine-tune the strategy
and initiative. A couple things happened:
One is standards-related. DSI revolves around
the very important concept of applications
that are "designed for operations." But we have
a robust hardware partner ecosystem, including
networking vendors, storage vendors, and
ISVs. Unless we have a standard that enables
people to define their systems using a language
that all the partners can understand, we won't
be able to fulfill the "designed for operations"
dream. One of the biggest realizations we had
about DSI is that the language for expressing
system constraints and the meta-model needs
to be standard. That was the driver for turning
our proprietary SDM [System Definition
Model] into the published specification called
SML [Service Modeling Language].

Orecklin: SML is how you describe an IT
service, the components in that service, and
the relationships between those. Customers'
environments are increasingly heterogeneous.
When we thought about how our SDM model
compares with other initiatives in the industry,
we worked with more than ten industry leaders
to form the SML Working Group, which has
SDM at its core. Since the initial announcement,
many more are looking to join.

Tatarinov: IBM, Cisco, EMC, HP, and others 
are helping take the original specification to 
the next level, and in the next three to four 
months, hopefully, make it the industry standard.


Orecklin: There's also an industry initiative
called the Configuration Management Database
[CMDB] Federation Consortium. CMDB
helps define and catalog all [IT] assets and
components and the state of those assets. We
joined that group and are working with them to
adopt SML as the core language and modeling
infrastructure.

From a designed-for-operations perspective,
standards is the key technical movement.
All our products are leveraging this common
model infrastructure as a way to describe and
capture the knowledge that exists all the way
from the developer through to the end users.
It's incorporated in Visual Studio [VS]. It's a
core part of the System Center portfolio.

Forster: You mentioned two key results that came 
from industry input. The first was the standards 
you just discussed. What was the second? 
Tatarinov: The second is fine-tuning DSI by
considering a new persona: the business architect.
This concept originates with feedback we
got from industry analysts. This persona thinks
about the connection of business and IT. So
now DSI addresses the developer, IT professional,
and business architect to provide the
CIO an enterprise governance view.

How do you define the ecosystem and the
collection of tools that will plug in together and
deliver complete umbrella-style management
so that the CIO would be able to understand
and see a concrete set of reports that span project
management, asset allocation, governance
and compliance, traditional IT infrastructure
management, and development aspects all
coming together? The business architect persona
fulfills the CIO's dream in that scenario.


beginnings of "operational awareness" and end-to-end manageability


Forster: What's the purpose of these personas in 
relation to DSI? 

Tatarinov: DSI works by connecting several products
that fulfill an individual persona's needs. The
VS brand is for developers and architects. System
Center is for IT managers. Microsoft Project and
Microsoft Office are for business architects. The
connection happens through standard interfaces,
standard schemas and models, and point-to-point
connectors that are being built.

We also define very crisp scenarios for how 
those connections work. A simple scenario: I'm 
the developer. I built the system. The system 
automatically gets provisioned and goes into 
operations. When operations sees an alert, 
that alert is automatically mapped back to the 
developer environment and gets logged as a 
bug for the developer who built this system. 
Then the bug can be corrected, and the fix automatically
finds its way back into production.

Forster: How does DSI differentiate System Center
products from third-party products?

Tatarinov: All the System Center products share
DSI-based characteristics: First is ease of use
(and I put ease of deployment in the same category).
Management products have been hard to
use and learn and require significant consulting
engagements before they can be deployed and
scaled. This is something we've tried to reduce.

Second, System Center products are driven 
by knowledge that we assembled from the 
industry and from focusing on our customers. 
For example, we worked to understand the 
backup and restore needs of our SQL Server, 
Exchange Server, and SharePoint customer 
base. We also spent time with Exchange cus¬ 
tomers to understand what they need to pro¬ 
actively correct errors with as little downtime 
and manual intervention as necessary. The 
knowledge we gained has manifested in the 
System Center products and is a critical attri¬ 
bute and differentiator for our products. 

Third is scalability. We scale up to the 
largest enterprises out there and down to 
the smallest organizations. Scalability up and 
down is an important differentiator. 

Operations Manager 

Forster: System Center Operations Manager 
2007 (Ops Manager), the successor to Microsoft 
Operations Manager (MOM), is the first product
to be renamed under the new brand. How
does it incorporate DSI? 


Tatarinov: With System Center Operations
Manager coming out in April, customers can
take advantage of the model-based management
approach and apply it to management of
services. You will be able to define the model
of a service and manage that service the same
way end users see that service.

Orecklin: Historically, the industry focused 
on monitoring things—the server, the application.
But it's crucial to look end-to-end at how
to deploy, manage, and monitor a service. 
Take messaging, for example: I care about my 
Exchange server, the network, my SAN, and 
AD. I need to ensure that each component is 
being managed and monitored but also that 
they all roll up to provide an end-to-end view 
of the entire messaging service. To do service-level
monitoring, [Ops Manager has] new
views, templates, and wizards to easily define 
and create a template out of the box. That 
includes management packs for all Microsoft 
components, as well as for our partners' on 
hardware, network, storage, and so on. 


Next, you can capture knowledge about the 
desired state and health of an application and 
easily monitor and manage that over time. Inline 
tasks are right in the UI when things go wrong, 
and all the knowledge base associated with that 
application is right there. We've also extended the 
concept of knowledge down to the client. When 
errors occur, we can capture knowledge about 
an application, OS, or hardware from clients. 
You can view client information at the enterprise 
level or at the group level and link to the Microsoft 
Knowledge Base. You don't have to wait for a user 
to call about a problem on a machine. 

The least intrusive level of client management
is agentless exception monitoring. The
applications surface up their events so the
customer can monitor and report trends. We
also have client management packs for Windows
Vista and Office 2007 so we can actively
monitor and manage business-critical clients.

Configuration Manager 

Forster: System Center Configuration Manager
2007 (SCCM), the next release, is currently in
private beta and goes to public beta in early Q2
of 2007. RTM is set for summer or early autumn
of 2007. How does SCCM fit in the DSI picture?

Tatarinov: Customers get the ability to use 
SCCM as their definition and enforcement 
mechanism to apply a model-based approach 
to defining the desired state of their environment
and making sure that environment stays
consistent with their desire. 

Orecklin: Desired-configuration management 
(DCM) is where the notion of knowledge and 
models comes into play. You can use modeling 
to define the desired state of a client and an 
application and then monitor that over time 
to identify drift from the desired state. From 
a security and compliance perspective you 
need to monitor and manage drift and either 
automatically update or take an action. 

Obviously, this is a big year with Vista, Office,
and Longhorn Server coming out, and companies
are looking for help. SCCM's first focus is
radically simplifying OS deployment. In the past, 
this has been a complex and manually intensive 
process. We provide a single integrated tool for 
each OS image "instance." For example, SCCM 
provides an integrated view of desktops, laptops, 
and servers. We found that many customers are 
maintaining dozens or hundreds of OS images 
because of varying hardware driver sets. SCCM 
provides a Driver Library so that IT can decouple
the drivers from the core image, significantly
reducing the number of OS images necessary to 
maintain their user base. In addition, preparing 
an OS image for deployment revolves around 
dozens of individual tasks such as configuring 
security settings, joining domains, and so on. 
So we developed a new feature called the Task 
Sequencer in which dozens of tasks are available
and an administrator can drag and drop
tasks in the correct sequence for each user set. 
Finally, customers asked us to improve ease 
of use and reduce complexity. For example, 
deploying a patch in an enterprise with SMS 
could take as many as 18 screens. With SCCM, 
that's down to as few as six mouse clicks. 

System Center Essentials 

Forster: Readers in small and medium-sized 
organizations tell me they are excited about 
System Center Essentials (SCE), which is slated 
to ship in the first quarter of 2007. (Ed Roth
puts SCE through its paces in "System Center
Essentials 2007 Beta 2," page 23.)

Tatarinov: SCE plays into a market where customers
have fewer than 500 PCs. This market
segment has been underserved historically. 
People are starving for a solution. We talked 
about different personas. This person has to 
deal with every aspect of IT, and we want to 
enable that person to do everything with a 
simple, easy-to-use interface. SCE will enable 
that person to easily configure devices—be it 
servers or desktops—and distribute software 
to those devices. SCE also lets this person 
monitor network, servers, and devices in a very 
simple way. 

Virtual Machine Manager 

Forster: Virtualization is the hottest technology 
in our industry, and competition is already out 
there. System Center Virtual Machine Manager 
(VMM) is in beta, scheduled for launch in Q3 of 
2007. What's your competitive angle on managing
a virtual environment?

Tatarinov: We think you can't look at virtualization
in isolation. Our approach to virtualization
management is to bring it under the context of
the infrastructure and enterprise management
overall. System Center Virtual Machine Manager
is the product that will extend Operations
Manager and Configuration Manager into the 
domain of virtual machines and enable those 
products to provide seamless management 
of both the physical and virtual environment. 
This is the core differentiator for Microsoft 
compared to other players in that space. 

Forster: What are the challenges in managing a 
virtual environment? 

Tatarinov: It's a whole lot more dynamic compared
to physical machines. Things like rapid
discovery and capacity-based and on-demand 
provisioning become much more important 
than in the physical world and are done on a 
much more frequent basis. 

Forster: How do you differentiate VMM from 
competitors such as VMware?

Tatarinov: We're combining the management 
of physical and virtual environments, and we 
enable people to use the same interfaces to 
manage their entire application, entire service, 
whether it's implemented on a physical or 
virtual machine. 

In Longhorn Server, with Windows hypervisor,
we're now thinking of virtualization
as a component, or feature, of Windows as
opposed to being something standalone. A big 
differentiator that customers recognize is that 
Windows has virtualization as a feature. 

Data Protection Manager 

Forster: System Center Data Protection Manager 
(DPM) has been a successful disk-based backup 
solution for file and print servers. The demand 
for DPM to also back up SQL Server and 
Exchange has been high since DPM launched. 

Tatarinov: DPM V2 will support SQL Server,
Exchange, and SharePoint. DPM V2 also provides
archiving capabilities and works directly
with tape drives. We're enhancing and simplifying
the UI, which is already much simpler
than what the rest of the industry could offer. 
It's going to be a killer product. 

Service Desk and VSTS 

Forster: The new System Center product code 
named "Service Desk" is currently in private 
beta, with a public beta slated for April 2007 and
RTM for a year later. What is Service Desk?

Tatarinov: The product provides a platform for 
end-to-end IT management and a framework 
to build solutions on top of that. Service Desk 
includes a workflow engine that will provide 
the basis for how we automate IT processes, 
and the implementation of the SML-based 
CMDB, which will be the foundation of our 
asset- and change-management capability. 
Following DSI's principle of capturing knowledge
in models, Service Desk will include
workflow templates for key customer scenarios.
Service Desk will also deliver unprecedented
integration with both Operations
Manager and SCCM. 

A very important platform aspect of Service
Desk is a self-service portal. We're focused on 
enabling end users to do as many things as 
possible. So IT pros can define a policy. Then 
that policy is applied to the organization, and 
the end user is empowered to automatically do 
things that the policy allows. 

Forster: Service Desk seems to bring "designed
for operations" full circle by providing a means
to feed production and user data back into the
development process through VSTS (Visual Studio
Team System). (Sam Guckenheimer, a group
product planner in the VSTS group, explains the
role of VSTS in DSI in the Web-exclusive sidebar
"System Center 'ServiceDesk' and VSTS: Where
IT and Dev Meet," InstantDoc ID 95147.)

Tatarinov: "Designed for operations" is a prime
DSI concept—DSI being the connector of the
entire system life cycle. Manageability and operational
disciplines need to come early in the
cycle, and everybody who builds the system
needs to think about manageability. They need
to be creating health, configuration, and task
models early in the design phase rather than
employing the traditional approach, which was:
Build the system first, it goes into production as
a black box, and then someone else—like a traditional
systems management vendor—comes
in and pokes at that black box to find out what's
going on. You can't manage the unmanageable.
If a system is created as an unmanageable black
box, it's going to remain a black box and you'll
just spend more money trying to manage it.
"Designed for operations" means there are no
black boxes. The system is created to be easily
put into production and easily managed.

Forster: Integration of IT knowledge is a core 
tenet of DSI, so how does Service Desk incorporate
that knowledge?

Tatarinov: The knowledge we assembled and
put into the market in the form of Solution
Accelerators will be encoded in Service Desk.
Another important aspect: Every serious IT
organization has little books in which its knowledge
is written. Those organizations will be able
to encode that knowledge and make it residual.
In Service Desk, you'll be able to define best
practices and policies for applying change or
managing assets and for levels of approval, and
it's all going to live in the product.

Doing the Right Thing 

System Center isn't going to make systems 
management sexy, but the vision of enabling 
self-managing dynamic systems is going to 
help IT deal with its highest priorities and 
greatest pain points. By focusing on simplifying 
IT, Microsoft is protecting and conserving its 
greatest asset—its customers. 

InstantDoc ID 94969 

Karen Forster 

(karen@windowsitpro.com) is group editorial director 
of Windows IT Pro and SQL Server Magazine and former 
director of Windows Server User Assistance at Microsoft. 
Exchange 2007 Transforms Message Routing

Changes in the routing process lead to more
efficient message transport

Microsoft Exchange Server 2007 introduces
a lot of changes to the Exchange
world. Most of these changes have been
well-publicized, such as the move to 64-bit hardware
and the introduction of the Exchange Management
Shell—based on Windows PowerShell—as a new
scripting environment. However, there are other
changes that have received less attention because
they don't apply universally to every Exchange
organization. One of these changes is the shift in
how Exchange 2007 uses routing groups: In brief, it
doesn't! Let's look at the routing changes in Exchange
2007 and see what you need to do to prepare for
Exchange 2007 deployment in environments with
multiple routing groups.

Out of Site

Since the release of Windows 2000, Microsoft has
provided a set of tools for working with segmented
networks: the Active Directory (AD) site, site link,
and site link bridge objects. These objects provide
a way to add knowledge of the underlying network
to an AD topology. Windows uses this information
to perform a variety of tasks. For example, when a
computer boots, it can issue DNS queries to find out
which domain controllers (DCs) are in the
same site because these should be more
readily available and faster than DCs in
nonlocal sites.

You should think of a site as a collection
of connected IP subnets. Sites aren't
the same as domains; a domain can span
multiple sites, and a site can contain
multiple domains. However, the design of
the Windows site model means that every
computer (whether server or client) must
be a member of exactly one site. When
you set up AD in a new forest, you get a
new site named Default-First-Site, and
your DCs all go into it unless you manually
create new sites. As you create new sites,
computers will be assigned to the correct
site based on their IP address.

Figure 1: Adding new sites and site links via Active Directory
Sites and Services console




by Paul Robichaux

(troubleshooter@robichaux.net) is a principal engineer for 3Sharp, an
MCSE, and an Exchange MVP. He is the author of
several books, including The Exchange Server
Cookbook (O’Reilly and
the http://www.exchangefaq.org Web site.


Site links are network constructs that join 
independent sites. Site links have costs associated
with them; using these costs, Windows
can construct a least-cost path for specific 
types of network connections. For example, 
Windows uses the set of site links you define to 
find the most efficient path for AD replication. 
For our purposes, we don't really care what the 
underlying network implementation of the site 
link is, merely that a link exists between sites. 

Sites and site-link definitions are kept in 
order by the Windows Knowledge Consistency 
Checker (KCC) service. Don't confuse this 
with the Exchange Server 5.5 KCC, nor with 
the process of the same name in the Exchange 
Server 2003 and Exchange 2000 Server Site 
Replication Service (SRS). The Windows KCC 
is responsible for ensuring that the system's 
map of which DCs are in which sites is up to 
date. If the map diverges from the actual network
topology, replication problems are likely
to occur. 

You add new sites and site links by using
the Active Directory Sites and Services console,
which Figure 1 shows. You specify the sites
first, then define links to represent the underlying
network connections.

Changes in Message Routing

Exchange 2003 and Exchange 2000 let you
define multiple routing groups within a single
Exchange organization. Each routing group
has a single computer that acts as the routing
group master, plus one or more routing
group members. Within a routing group,
individual servers maintain their own link
state table: a series of vectors that indicate
the endpoints of a link, its cost, and its status.
You can view the contents of a server's
link state table by using the WinRoute tool,
which you can download from Microsoft's Web
site (http://www.microsoft.com/downloads/details.aspx?familyid=c5a8afbf-a4da-45e0-adea-6d44eb6c257b),
but it's enough to know
that individual servers update their local link
state tables whenever they notice changes to
a link's status. When this update occurs, the
server shares its updated link information with
its routing group master, which in turn floods
the other servers in the routing group with a
knowledge update.

This architecture offers a flexible way for 
individual servers to determine which links 
are available, but it suffers from scalability
problems in large networks. Furthermore, it's
devilishly difficult to get incorrect or corrupted 
entries out of all the link state tables in your 
Exchange organization; to do so, you have to 
turn off the routing engine service on every 
Exchange server in your organization, and they 
all have to stay off until the last server's engine 
is off. At that point, you can restart the routing 
engine and allow servers to re-create their local 
copies of the routing map. 

In addition to these problems, it can take 
a while for changes to the link state table to 
propagate throughout the organization; routing
changes can occur faster than they can be
broadcast to all servers in the network. Adding 
to this complexity, routing groups must be 
linked by Routing Group Connectors (RGCs), 
and each connector has to specify at least one 
bridgehead server on each end. RGCs aren't 
terribly useful for routing configurations where 
there's only one path out of a given routing 
group. 

Like Exchange 2003 and Exchange 2000,
Exchange 2007 uses SMTP as its primary message
transport protocol. However, Exchange
2007 makes some major changes to message
routing to both simplify the process and
improve its reliability. First, it introduces the
Hub Transport server role. Hub Transport
servers move messages between Mailbox servers
and the outside world; for example, if Alice
and Bob are on two different Mailbox servers,
any messages that Alice sends to Bob must
pass through a Hub Transport server. Also,
messages coming in from the Internet must
pass through a Hub Transport server even
if they've already passed through an Edge
Transport server. Even in an organization with
a single Mailbox server, you'll still need at least
one Hub Transport role. But the Hub Transport
role can coexist with other server roles, so you
don't need a separate physical server.

The Hub Transport role acts as a sort of
universal bridgehead for the site it's in; any
Hub Transport server in any site can communicate
with any other Hub Transport server in
the organization. Mailbox servers will always
attempt to route outbound mail to a Hub
Transport server in the same site first, and
a Hub Transport server has to accept mail
for delivery to its same-site Mailbox servers.
You don't have to do anything to make this
process happen. If the Hub Transport server
in the Mailbox server's local site is down, the
Mailbox server will attempt to find the nearest
Hub Transport server according to the AD site
topology.

Next, Microsoft eliminated the concept of
routing groups altogether. Exchange 2007 still
has a single default routing group, provided for
coexistence with Exchange 2003 and Exchange
2000, named DWBGZMFD01QNBJR (which
happens to be EXCHANGE12ROCKS shifted
down one character). All the Exchange 2007
servers you add will end up in this default
routing group; there's no supported way to put
them into a legacy Exchange 2003 or Exchange
2000 routing group. If you have more than
one legacy Exchange routing group, you'll
need to expend some effort to provide coexistence
between those routing groups and
Exchange 2007's routing behavior. During
installation of Exchange 2007, you'll
be asked to choose a bridgehead server
in the first Exchange 2003 or Exchange
2000 routing group; this step is required
so that the Exchange 2007 installer can
create an RGC to link the Exchange 2007
routing group with your existing routing
groups. You can create additional RGCs
to get more granular control over the
routing process if you like. For best message
routing, Microsoft recommends
that you create additional RGCs from
each of your existing routing groups
to the Exchange 2007 routing group,
essentially making it the hub of a hub-and-spoke
routing topology. Using this
topology reduces the number of hops a
message has to take between different
legacy routing groups.
Learning Path

WINDOWS IT PRO RESOURCES

To learn more about Exchange Server 2007:

"Surveying Exchange 2007," InstantDoc ID 50052
"Get Ready for Exchange 2007 Now," InstantDoc ID 93652

To learn more about using AD:

"AD Sites, Part 1," InstantDoc ID 8703
"AD Sites, Part 2," InstantDoc ID 8932
"6 Essential Tools for Troubleshooting AD Replication,"
InstantDoc ID 24222

MICROSOFT RESOURCES

"Message Routing in a Coexistence Environment"
http://technet.microsoft.com/en-us/library/f81aab39-ff50-4950-a2f1-25c3f0bb66ec.aspx
"How to Set the SuppressStateChanges Registry Value"
http://technet.microsoft.com/en-us/library/875ae7f8-446d-4786-85d2-719ac7093cf6.aspx
IT Pro Hero

EXCHANGE 2007 Lessons from Microsoft IT

Microsoft Exchange admin Derek Ingalls
reveals the ups and downs of 18 months
of "dogfooding" Exchange 2007

Riding the bleeding edge of technology is a typical part of a
Microsoft IT administrator's job. Although many Exchange
admins will likely migrate gradually to Exchange Server
2007 as early adopters work out the product's kinks, at Microsoft the
Exchange 2007 production rollout to 70,000 users is in full swing. The aggressive rollout is backed
by more than 18 months of testing by both the Exchange product team and IT, in keeping with
Microsoft's "dogfooding" philosophy of deploying its own products in house before releasing
them to the public (for more information, see the Web-exclusive article "Eating Its Own Dog
Food," March 2005, InstantDoc ID 45597). Derek Ingalls, general manager, and other members of
the Exchange IT staff spent all of 2006 and much of 2005 intensively engaged in testing Exchange
2007 on a 5,500-mailbox Exchange server dedicated to dogfooding. I spoke with Derek about
how his team made the shift from Exchange Server 2003 to Exchange 2007 and how their dogfooding
experiences can guide other IT pros on the path to Exchange 2007.



There are a few other site-related changes in Exchange 2007:

• Public folder referrals have changed. Exchange 2003 and Exchange 2000 use a complicated algorithm to find the least-cost replica for a given mailbox client. That algorithm is dramatically simplified in Exchange 2007: The Information Store (IS) builds a list of all the public folder databases it can find, ranking them by access cost; databases in the current site are least expensive, and the rankings for the rest of the list are controlled by the site-link costs.

• Unified Messaging (UM) servers use site membership to find the best Hub Transport server for delivering a message to a particular user mailbox.

• Client Access servers use site membership to determine whether a user request should be redirected to another Client Access server. For example, say user A has a mailbox in site 1, but she connects to a Client Access server in site 2. The site 2 Client Access server can detect that the user's mailbox is in site 1, so it will redirect the request to a site 1 Client Access server.


Q: What overall process did you follow in dogfooding Exchange 2007?

A: This upgrade was much different for us than previous Exchange upgrades. For us, Exchange 2003 was a lot like a service pack upgrade. We upgraded the entire environment in a weekend. But the Exchange 2007 upgrade process was quite a cycle. From the time we built the first server and put the first production mailboxes on it, we had milestones all along the way. As you know, Exchange 2007 consists of server roles, and not all the roles were done initially. Our first milestone was having the first Client Access server, then production mailboxes on a Mailbox server, then the first Edge server, and so on.

Q: What was the most difficult part of the transition to Exchange 2007?

A: We had some significant battles about storage. Because Exchange 2007 isn’t as disk-I/O 
intensive as previous versions, you can use larger, slower, and less-costly disks for storage. And 
because high-availability features in Exchange 2007, such as Cluster Continuous Replication 
(CCR), mean you aren't so dependent on a single piece of storage, you can consider using 
less-reliable storage. When we were on Exchange 2003, we used a clustered SAN and had four 
nines of absolute availability. The notable exceptions to this availability were always related to 
storage outages. 

The Exchange team took that problem to heart and wanted to reduce [Exchange users'] dependency on SANs specifically. So understanding that customers will want to deploy a number of different storage scenarios in Exchange 2007, they needed us to validate the "crazier" scenarios—such as using DAS or Serial Attached SCSI (SAS).
How Messages Flow

Remember that a Hub Transport server 
must touch every message sent between two 
Exchange 2007 users, even if the users are on 
the same Mailbox server. With that in mind, we 
can explore some of the interesting differences 
in Exchange 2007 message routing. There are 
really only two possible scenarios: Either the 
sender and recipient are in the same site, or 
they're in different sites. 

Consider the simplest case: two users on the same Mailbox server. User A's message is submitted to the IS, which routes it to the Hub Transport server (which, in this case, is probably on the same physical server), which routes it to B's mailbox. Site information doesn't play an obvious role in this process, but the Hub Transport server still has to check AD for site data to determine whether B's mailbox is in the same site. From this, you can easily see that the same-server and same-site cases are essentially the same and will work the same way.

The more complex—and interesting— 
case is when the sender is in one site and 
the recipient is in another. In this case, the 
sender's client submits the message to the 
sender's Mailbox server, which then sends it 
TONY REDMOND HP

Exchange 2007 represents the third generation of Exchange server. The migration from the first generation (5.5) to second (2000) posed some problems because of the requirement to deploy the Active Directory and a new architecture for Exchange. The same may be about to happen as we move to Exchange 2007 because the same type of architectural change exists alongside the need to deploy a brand new Windows 64-bit platform. This session covers the essential points that you need to know about Exchange 2007 to help you prepare to deploy the new version, including the many holes that an unwary administrator can fall into.


Tony Redmond is the Vice President and Chief Technology Officer for HP Services. He is responsible for the technology strategy and leadership of HP Services, 
including the development of the HP Services technology community, including overseeing the implementation of the Technical Career Path (TCP), Professions, 
and advancing a knowledge culture within HP Services. He is responsible for driving a common R&D and technology leadership across the HP Services business 
units. Tony is the Security Lead for HP and manages the HP Security Office, which is responsible for setting the strategy and direction for HP's security initiative 
and coordinating activities across all business units. 


ATTACKER TRENDS AND TECHNIQUES: AN UPDATE 



STEVE RILEY MICROSOFT 

The bad guys just keep getting better! They're constantly changing their tactics and inventing new techniques to cause you harm, damage your data, and make your resources unavailable. Why do they do this? What motivates someone to—let's call it what it is—commit computer-related crimes? How have they changed and improved? What kinds of attacks are popular now and why are they so effective? What might we expect to see in the future? Steve Riley will help you understand the latest in attacker trends and techniques so that you can plan appropriately and implement effective processes and technologies to mitigate their threats.


Steve Riley's career at Microsoft began in 1998 in the telecommunications practice of Microsoft Consulting Services where he worked with several ISPs and ASPs to design highly-available network architectures, develop hosting platforms for various custom and off-the-shelf applications, and deploy complex multisite VPNs. His specialization in security led him next to the security consulting practice, where he worked with many customers to conduct security assessments and risk analysis, deploy technologies for attack prevention and intrusion detection, and assist with occasional incident response efforts. Steve is now a product manager in Microsoft's Security Business Unit. He is a frequent and popular speaker at conferences worldwide, often appearing in Asia one week and Europe the next; Steve's speaking engagements have included multiple Microsoft TechEds and other conferences, plus SANS, RSA, Black Hat, Windows IT Pro roadshows, and InfoSec US. When not evangelizing the benefits of Microsoft security technology, Steve spends time with customers to better understand the security pain they face and show how some of that pain can be eliminated. Steve's technical specialties include network and host security, communication protocols, network design, and information security policies and process.


LIVING THE LONGHORN LIFE: WHAT'S UP WITH SERVER 2007 (OR MAYBE, 2008)


MARK MINASI MR&D

Microsoft released the new desktop, Windows Vista, in November 2006... but that's just the start. A new version of Server's right on its heels: formerly code-named "Longhorn Server," it'll either be named Windows Server 2007 or 2008, depending on when it ships. But no matter what its name, Server 2007/8 will pack a ton of new stuff, from some really good news in Active Directory to some nifty new deployment tools, a quarantine system that'll help you keep the worm-ridden systems off of your network, a revamped Web server, and a few truly long-awaited changes in group policy. How can you find out about all of this? Well, you could download a few terabytes worth of white papers and start sifting through them to separate the wheat from the chaff, or you could attend this short session by Mark Minasi, the guy who's been explaining new operating systems since Windows 1.0. Come to this session and find out why Server Core may be your favorite new piece of software!



Mark Minasi is an author, a technology columnist, a commentator, a keynote speaker, and an all-around alpha geek. What separates him from many of the other alpha geeks is that he knows how to explain things to normal humans and often make them laugh while doing it. He's probably best known for his books, Mastering Windows NT Server (Sybex), Mastering Windows 2000 Server, and The Complete PC Upgrade and Maintenance Guide and his columns in Windows IT Pro. Mark has also authored 17 other technology books, spoken on technical topics in 20 countries, and written and appeared in a dozen technical education videos. His most recent works are Mastering Windows 2000 Server, Third Edition and Mastering Windows XP Professional. He has also written Linux for NT/2000 Administrators and a seventh edition of Mastering Windows NT Server 4.0.
It's the all-new, rearchitected, more powerful messaging and groupware platform from Microsoft: Exchange Server 2007! Packed with new features, new architectural options, and new capabilities, Exchange Server 2007 is also the first fully automatable and command-line-managed server product from Microsoft, leveraging the Windows PowerShell shell and scripting environment. Rely on Exchange Connections to connect you with the most respected and relied-upon subject-matter experts in the world for Exchange Server 2007. Come to Exchange Connections to:

■ Learn about new architecture options in Exchange Server 2007, including ways of scaling out your Exchange Server environment bigger and better than ever before.

■ Discover how Exchange Server 2007 works under-the-hood, including data management, engine details, troubleshooting and disaster recovery, and much more.

■ Provide your users with anywhere e-mail access through an all-new Outlook Web Access, mobile e-mail access, and much more.

■ Keep your Exchange Server 2007 environment secure with information on internal security, antivirus, anti-spam, and other measures that keep your environment and your users safer.

■ Learn about deployment and migration techniques and issues, making your Exchange Server 2007 migration and deployment easier, safer, and faster.

EXCHANGE CONNECTIONS COVERS THE TECHNOLOGIES YOU NEED: 


DISASTER RECOVERY 

Continuous Backup 
Standby Cluster Recovery 
Online Backup Recovery 

SECURITY 


MIGRATION AND DEPLOYMENT 

Migration Issues 
Deployment Techniques 
Performance Optimization 

END-USER FEATURES 


MICROSOFT EXCHANGE SERVER 2007: 
THE NEXT GENERATION OF EXCHANGE 

Exchange Server 2007, the next major version of Exchange, will be a leap forward in enhancing the information worker's access to larger mailboxes while giving the e-mail administrator a more manageable and secure e-mail infrastructure. In this session, we provide an overview of the product direction and provide a sneak peek at some of the new features that will be included in the product.

MAIL THAT SPEAKS TO YOU: UNIFIED 
MESSAGING IN MICROSOFT EXCHANGE 
SERVER 2007 

Microsoft is integrating Unified Messaging natively 
into Exchange Server 2007. In this session you will 
learn the features, benefits, and architecture of 
Exchange Unified Messaging. See how Exchange 
can take voice mail and fax messages, how you 
can call in over any phone to access your voice 
mail, e-mail, calendar or contacts, how you can 
build automated attendants, and how speech 
access is integrated into the product. Learn how 
easy it is to configure and deploy Exchange 
Unified Messaging for your organization. 

GETTING STARTED WITH MICROSOFT 
EXCHANGE SERVER 2007: SIMPLE 
INSTALLATION, SETUP AND 
ADMINISTRATION SCENARIOS 

Exchange Server 2007 is now built on standard Microsoft installer so that you can take advantage of patching services such as the Software Update Service (SUS). Exchange Server 2007 supports new server roles for flexible deployment of the topologies you require and the power to automate installation. These are just some of the new advancements in the Exchange Server 2007 set-up experience. This is a must-see session for a high-level overview and walkthrough of how you will be deploying Exchange 2007.


Sender ID
Creating and Testing Mail Hygiene

Client Access Server
Small Business Mobility
Getting Rid of PSTs

TROUBLESHOOTING

Troubleshooting Message Flow
Troubleshooting DNS
Advanced SMTP Troubleshooting


EXCHANGE 2007 
ARCHITECTURE AND DESIGN 

Ever wondered how a large enterprise plans and implements design and architecture of its next generation of messaging system? Join us in this session where engineers from the Microsoft IT messaging team will uncover the details on how Exchange 2007 infrastructure was introduced and fully deployed in a 120,000+ mailbox production environment. Topics will include: messaging topology design, hardware planning for various Exchange server roles, client access server and mobility scenarios, transport architecture, mailbox server and storage designs, backup, restore and high availability strategies.
MICROSOFT EXCHANGE

SESSIONS PRESENTED BY MICROSOFT 



MANAGING EXCHANGE SERVER 2007: THE NEW EXCHANGE 
MANAGEMENT CONSOLE AND SHELL 

Imagine having a toolset that is flexible enough to easily deploy and administer a single Exchange server and yet powerful enough to completely automate those same actions for hundreds of servers. Yes, you heard right, Exchange Server 2007 will deliver a new intuitive GUI experience allowing you to quickly provision Exchange functionality while the new command-line experience will allow you to automate your world. This session is loaded with demonstrations showing off the new Exchange 2007 toolset and also highlights the underpinnings of this new revolutionary architecture which is built on the groundbreaking Windows PowerShell technology.

MOBILE ACCESS TO EXCHANGE 2007 AND LIVE
COMMUNICATIONS SERVER ANYTIME, ANYWHERE,
AND ON ANY DEVICE!

Do you need to provide anytime, anywhere access to Exchange 2007 and Live 
Communication Server in your organization? This session will cover the 
enhancements in Exchange 2007 for Windows Mobile devices as well as the 
improvements in Outlook Web Access as well as the future mobile messaging 
capabilities of Exchange 2007. We will also investigate how to deliver Live 
Communication Server's capabilities to mobile users. 

MESSAGE SECURITY AND HYGIENE IN EXCHANGE SERVER 2007 

Out of the box, Exchange Server 2007 customers will find a solution that helps protect their messages and messaging infrastructure from unwanted spam, viruses, and hackers. You'll learn how Exchange Server 2007 uses Kerberos and Transport Layer Security (TLS) to authenticate and encrypt mail within your network, and how message hygiene, including anti-spam and antivirus, has been implemented in Exchange Server 2007. You'll also see how Administrators can maintain their network by adjusting spam and virus settings and implementing the appropriate security policies, as well as how end users can use simple and familiar interfaces to recover junk e-mail and apply message classifications.

EXCHANGE HOSTED SERVICES 

E-mail is the lifeblood of business, and enterprises rely on IT to keep their communication arteries secure, protected, and compliant. Spammers, hackers, virus-writers, regulators, and spies are making the IT challenge increasingly difficult, further taxing the limits of already resource-strained staff. Attend this session to learn how Microsoft Exchange Hosted Services provides customers with a compelling solution against these types of attacks. We'll review the business drivers impacting you and how you can deploy and administer this managed solution.


EXCHANGE 2003 BEST PRACTICES FROM MICROSOFT IT 

Drawing on its tremendous experience with Exchange 2003 architecture, design, and operations, Microsoft IT has developed comprehensive and highly effective best practices to design, run, and maintain its Exchange environment. These best practices are the foundation of the Exchange Center of Excellence, an initiative to reduce customer issues and mis-configurations. This session summarizes how Microsoft IT designed its Exchange 2003 infrastructure and successfully ran it for several years before moving to Exchange 2007. Topics include the Microsoft IT Exchange site consolidation story, cluster design, backup/restore methodology, mobile messaging infrastructure design practices, Internet gateway, and e-mail hygiene solutions.

CO-EXISTENCE AND MIGRATION OF LOTUS NOTES/DOMINO 
MESSAGING TO THE MICROSOFT PLATFORM 

This session provides you with up-to-date information on the tools and guidance you need to move from Lotus Notes/Domino to the Microsoft Collaboration Platform. This session covers co-existence and migration of the Domino directory, messaging, and applications.

THE UNIFIED COMMUNICATIONS TECHNICAL VISION 
AND STRATEGY 

This session will outline Microsoft's vision and technology strategy for Unified Communications. Come and hear directly from Microsoft's Unified Communications leadership about our roadmap and priorities for bringing together business communications infrastructure and user experience. If your organization is considering its strategy for e-mail, voice mail, instant messaging, telephone/VoIP, and conferencing, this session will provide you with Microsoft's approach to addressing these critical organizational needs and improve the modern organization's ability to communicate and collaborate.

INTEGRATING YOUR LEGACY PBX AND NEXT GENERATION VOICE
INFRASTRUCTURES WITH MICROSOFT OFFICE LIVE
COMMUNICATIONS SERVER 2005, OFFICE COMMUNICATIONS
SERVER 2007, AND EXCHANGE SERVER 2007 UNIFIED MESSAGING

If you want to learn about how to integrate your existing voice infrastructures 
with Exchange Server 2007 and Office Communications Server 2007 (or Live 
Communications Server 2005), then come to this highly interactive session 
where you can get your tough questions answered by Microsoft experts. 

SESSIONS AND SPEAKERS ARE 
SUBJECT TO CHANGE. 

SEE WEB SITE FOR UPDATES 
AND ADDITIONAL SESSIONS. 
REGISTER TODAY ■ 800-505-1201 ■ 203-268-3204

www.WinConnections.com



HOW DO YOU MIGRATE FROM A 250,000 
MAILBOX EXCHANGE 2003 
ENVIRONMENT TO EXCHANGE 2007? 
STAN FOSTER 

HP's e-mail environment is well distributed and supports over 250,000 mailboxes. HP has always worked closely with Microsoft on Exchange beta programs and was deploying Exchange 2007 internally long before the product hit the streets. But deploying Exchange 2007 to such a large organization as HP's is not as easy as simply slotting the DVD into the drive and running Setup. In this session, we'll describe the mechanisms and processes involved in such a large-scale migration.

REAL-LIFE DEPLOYMENT OF EXCHANGE
2007 UM. LEARN WHAT IT TAKES TO
GET THERE
LARRY RIBA/STAN FOSTER

Deploying the Unified Messaging functionality of Exchange 2007 into a real-world environment is a lot different than simply installing the UM role on a standalone server. In this session, the speakers will describe their experiences of deploying UM in a large-scale Exchange environment to support an evaluation of UM for selected users.

WINDOWS SERVER CLUSTERS FOR 
EXCHANGE ADMINISTRATORS 
JUERGEN HASSLAUER 

This session provides an overview of clustering services within the Windows operating system. With Exchange Server 2007 you have to set up a Majority Node Set (MNS) cluster if you want to use Cluster Continuous Replication (CCR). You also have to understand the file share witness feature if you want to deploy CCR. Another option with Exchange Server 2007 is deploying a Single Copy Cluster (SCC) using a shared quorum architecture. This configuration is also available for Exchange Server 2003. We will introduce the new features related to clustering planned for Windows Server codename "Longhorn," and explain which pain points this will fix. You will learn the requirements for setting up a server cluster and find out how to recover from certain cluster specific failures. A virtualized environment will be used to demonstrate the topics discussed.

EXCHANGE BACKUP AND RECOVERY 
USING VOLUME SHADOW COPY SERVICES 
JUERGEN HASSLAUER 

Starting with Exchange Server 2003 it was possible to back up and restore Exchange databases using Volume Shadow Copy Services (VSS). Exchange Server 2007 enhanced the support for VSS backup and recovery. You have to use VSS if you want to back up the database copy created by Local Continuous Replication (LCR) or Cluster Continuous Replication (CCR). This topic gets even more interesting with the upcoming release of Microsoft System Center Data Protection Manager (DPM) version 2 by adding support for Exchange backups to DPM. This session provides an overview of the components and their interaction used by an Exchange VSS solution. You will learn what you have to consider during your storage design to meet your service levels. We describe how VSS helps to prevent a backup from disturbing your production Exchange server, and how you can use a shadow copy to recover a corrupt storage group.

EXCHANGE 2007 HIGH AVAILABILITY 
SHREE VISHWANATHAN 

Well folks, Exchange 2007 is here and with it has 
brought a new way of thinking while designing 
for high availability. Continuous replication in 
Exchange 2007 introduces some new “out of the 
box" availability options, particularly for the 
mailbox server role, such as LCR (Local 
Continuous Replication) and CCR (Cluster 
Continuous Replication). This session unravels 
the new features while highlighting factors to 
consider during the planning and design of 
Exchange 2007 environments. 

CROSS FOREST FEATURES IN 
EXCHANGE 2007 
WENDY FERGUSON 

Exchange 2007 brings many new features to support cross-forest environments. In this session, we'll describe those features and give practical best practice guidance on how to plan, design, and implement your multiforest environment.

EXCHANGE 2007 WEB SERVICES 
WENDY FERGUSON 

Exchange 2007 has a multitude of Web services 
that radically alter the mechanism by which client 
applications and programmers can make use of 
Exchange features and functions. In this session, 
we'll describe all of the new Web services, what 
they are, and when they come into play. 

TO DO, OR NOT TO DO? MANAGING 
LARGE MAILBOXES 

MISSY KOSLOSKY 

Are your end users pack rats? Are YOU a pack rat? 
What are the actual ramifications of large mailbox 
sizes in Exchange? We'll discuss size limits for 
mailboxes, the scalability of Information Stores, 
and what you should be doing in order to keep 
your end users and your servers happy! 

ACTIVE DIRECTORY SITES AND 
SERVICES—IT'S NOT JUST FOR ACTIVE 
DIRECTORY ANYMORE! 

MISSY KOSLOSKY 

Message transport in Exchange Server 2007 relies on your Active Directory Sites and Services configuration. Do you need to revisit the configuration of Active Directory in your organization? We'll talk about the implications of the routing changes in Exchange 2007, and what they might mean to your current configuration.

DIVESTING RESOURCES IN EXCHANGE 
SERVER 

MISSY KOSLOSKY 

Your company has sold off a portion of its business. What do you need to do to remove the associated mailbox data from your organization? Let's delve into the ways that we can transfer data from one organization to another while retaining the security of our messaging systems.

EXCHANGE 2007 AND COMPLIANCE 
KIERAN MCCORRY 

Exchange 2007 allows you to implement various e-mail policies that can help you meet your compliance and records management needs. Similarly, Microsoft Office SharePoint Server 2007 enables you to put much more control on your enterprise document content. Where do all these technologies fit together and how will your users avail of them? In this session, we cover the major advancements in this area highlighting how you can make the best use of these technologies.

BEST PRACTICES FOR DATA PRIVACY 
WITH YOUR E-MAIL SYSTEM 
KIERAN MCCORRY 

Everyone knows of the need for system administrators to access mailboxes from time to time to check something out. But are they breaking the law when they do so? This session gives an outline of some of the regulations that are relevant when accessing personal data in the US and elsewhere and helps you implement a data access policy to keep you on the right side of the law.

HOW TO GET YOUR END USERS 
HAPPY WITH LIVE COMMUNICATIONS 
SERVER 2007 
LEE MACKEY 

With IM traffic supposedly surpassing e-mail traffic by 2008, how are we as IT Professionals preparing ourselves for this? When end users will install anything and everything to get connected to their kids, significant others, coworkers, and anyone else they want to chat with, how do we tackle this to ensure that we are meeting all requirements from Sarbanes-Oxley, or HIPAA? What tools do we have to ensure that we are following the rules that have been set for us? How do we get clients to communicate over Secure IM from every IM cloud? With Live Communications Server (LCS) 2007, you now have the one-stop-shop. You have the ability to implement a secure communication mechanism that will allow you to get them off the ground and communicating. With LCS you will have the ability to set up Instant Messenger so your end users will be happy, have the connections they are looking for, and the ability to collaborate with peers, customers, and vendors with little or no effort. In this session we will go over typical deployments, typical policies, extras you might want to consider, and tools to help ensure your end users are just a click away from their buddy list.

MOBILE CLIENT CONNECTIVITY FOR 
EXCHANGE (ACTIVESYNC) 

LEE MACKEY 

Microsoft Exchange 2003 with SP2 has become the buzzword in the IT industry. IT Admins no longer need the Blackberry or Goodlink server to get critical data to their end users. Typically with these products the technology requires extra access, more hardware, and sometimes very complicated issues that are nearly impossible to troubleshoot. Microsoft has helped IT Admins with a solution that handles all of these issues. You no longer need extra hardware, or even extra permissions to manage Exchange Server 2003 SP2. This session will walk you through the installation, configuration, and tools to help troubleshoot ActiveSync.

ESSENTIAL TOOLS FOR EXCHANGE ADMINS 
LEE MACKEY 

Microsoft Exchange 2003 SP2 / 2007 can be very complicated or simple depending on your organization's requirements around e-mail and delivering that service to your end users. In this session, we'll go through a number of tools that will help you troubleshoot and fix issues that you are experiencing, as well as different support options around supporting Exchange. This session will give you details on what to do and how to do it to ensure your success in a critical pinch to get mail flowing again. We don't cover everything, but we will cover the basics and some cool tools and methods for figuring out what's going on.

DCAR WITH EXCHANGE 
DEVIN GANGER 

Discovery, Compliance, Archival, and Retention: they're challenges every Exchange administrator faces. Whether you're using Exchange 2000, 2003, or 2007, join the author of the Windows IT Pro "E-mail Discovery and Compliance" e-book to find out how to solve these challenges.

10 TIPS TO MAKE YOUR EXCHANGE 
SERVER A GOOD NET NEIGHBOR 
DEVIN GANGER 

Many Internet mail administrators consider Exchange to be a poorly behaved SMTP MTA. All too often, these perceptions are rooted in configuration errors surrounding Exchange, rather than in any flaw in the product. Learn these common (and in many cases simple) configuration changes you can make that will keep your external mail running smoothly.

IRON CHEF: USING POWERSHELL WITH 
EXCHANGE 2003 
DEVIN GANGER 

While the new Exchange Management Shell is only designed to manage Exchange 2007 servers, the underlying PowerShell technology can make managing and scripting your Exchange 2000 and 2003 servers a lot easier. Join one of the authors of the Exchange Server Cookbook and learn how to take advantage of PowerShell to make scripting Exchange easier than ever.

CONTINUOUS BACKUP FOR EXCHANGE 
PAUL ROBICHAUX 

Exchange makes full use of both conventional and 
point-in-time backup technologies. However, many 
administrators want more! This session will 
explain the underpinnings of continuous backup 
solutions from Microsoft and third-party vendors 
for Exchange 2003 and Exchange 2007 so you can 
choose an appropriate solution for your needs. 

POWERSHELL FOR BEGINNERS 
PAUL ROBICHAUX 

The Exchange Management Shell (EMS) is a key 
part of the Exchange 2007 experience. What if 
you're not a scripter? Don't worry; you can still get 
plenty done with EMS after just a little learning. 
This session covers the basics of what you need to 
know about how EMS works and what you can do 
with it. 

EXCHANGE 2007 UNIFIED MESSAGING 
DEEP DIVE 

PAUL ROBICHAUX 

Ever wonder how Exchange 2007 UM does its magic? Come to this session to look under the covers and learn how the UM server, your PBX, and the worldwide phone network work together, in depth.

TROUBLESHOOTING PERFORMANCE 
ISSUES IN EXCHANGE 2003 
WILLIAM LEFKOVICS/KEVIN MILLER 

We will outline troubleshooting steps for common performance issues experienced with Exchange 2003, specifically dealing with sluggish performance. We will walk through troubleshooting steps to isolate causes from CPU, disk space, memory, bandwidth and third-party applications. We can also use Sysinternals Filemon to show I/O distribution.

MESSAGE HYGIENE IN EXCHANGE 2003 
WILLIAM LEFKOVICS/KEVIN MILLER 

We will review the layered approach administrators can apply to help keep users' inboxes clean of productivity-draining content. We won't waste time on spam statistics. We'll discuss configuring each component and its value to the overall goal.

EXCHANGE 2007 TRANSPORT RULES 
WILLIAM LEFKOVICS/KEVIN MILLER 

Replacing the cumbersome event sinks, transport rules are easy to administer and resemble a GUI we might see on an e-mail client. We can show how transport rules can make the administrator's job simpler. They are quite granular. We will highlight common ones and ones that might make administrators happiest.

EXCHANGE 2007: THE FIRST 100 DAYS 
JIM MCBEE 

Follow the real-life implementation of an early adopter of Exchange 2007. This session will start with an overview of the organization's Exchange 2000 architecture and some of their goals for an early implementation of Exchange 2007. The session will then cover the planning process, server consolidation factors, hardware requirements, existing software that integrates with Exchange, and meeting prerequisites. This session will also include many of the hurdles that this organization faced in completing their migration.

ARE YOU A LOW-HANGING FRUIT? 

JIM MCBEE 

Hackers frequently target the simplest and easiest
systems that they can exploit. If common exploits
don't work they usually move on. Is your Exchange
system vulnerable to "low-hanging fruit" compromise?
This session will start by covering simple
things you can do with Exchange 2000/2003/2007
to ensure that you are not one of the low-hanging
apples on the tree. After covering the basics, we
will then cover additional security mechanisms
that tools such as Microsoft ISA Server, Edge
Transport services, and other tools can provide
when implementing additional layers of security
and message hygiene.

EXCHANGE 2003: BEST PRACTICES
DAY-TO-DAY
JIM MCBEE

What should you be doing on a daily basis to keep
your Exchange servers stable and running optimally?
Topics in this session include the basic
tasks that should be performed on every
Exchange 2003 server and events to watch for in
the event logs. What can you do to improve your
Exchange operations, customize your operations,
and tweak Exchange to meet the requirements of
your organization? Also covered are some "worst"
practices in Exchange management such as "over
administering" the Exchange server and common
configuration mistakes.
HANDS-ON COURSES

YOU MUST PRE-REGISTER!

Microsoft EXCHANGE Troubleshooting Course

Sign up for one, two, or all three days of this troubleshooting course. 

Inside you will learn the issues and methods for troubleshooting and
resolving Exchange Server 2003 problems. Each day is packed with in-depth
technical information not found in other courses, with Exchange
Server 2003 hands-on-labs that walk you through the tools and procedures
you'll need when troubleshooting Exchange Server 2003.

You must be registered for the conference to attend the troubleshooting classes.

You must indicate, when you register, which days you plan to attend.

EXCHANGE TROUBLESHOOTING SPECIALIST COURSE TOPICS INCLUDE: 

MONDAY, APRIL 2 

TROUBLESHOOTING DISASTER RECOVERY WITH EXCHANGE SERVER 2003 

Covers the Exchange Database Architecture in detail along with the tools 
and processes used to recover an Exchange Server 2003 environment. In 
this one-day workshop the student gets hands-on experience recovering 
from different types of disaster recovery scenarios. Just Added: An 
overview of Exchange Server 2007 Disaster Recovery enhancements. 

TUESDAY, APRIL 3 

TROUBLESHOOTING MESSAGE FLOW IN EXCHANGE SERVER 2003 

Reviews the Exchange Server 2003 Transport architecture, message flow
dependencies, Active Directory (a messaging dependency), troubleshooting
tools, DNS issues that affect Mail Flow, Recipient Update Service, and
troubleshooting mail flow. Just Added: An overview of Exchange Server 2007
message flow.

WEDNESDAY, APRIL 4 

TROUBLESHOOTING PERFORMANCE IN EXCHANGE SERVER 2003

Covers performance monitoring concepts, monitoring performance strategies,
and the performance monitoring process. These topics are followed by
a review of the tools and how to isolate the performance problem.
Just Added: An overview of Exchange Server 2007 sizing and tools.


“Very informative session. Lecturer has impeccable knowledge of the subject. 

This course is extremely useful and relevant to anyone who manages Exchange.” 

- Vaughn Jardine 

THE UNIVERSITY OF THE WEST INDIES 

“This is the best courseware, presenter, and labs I’ve ever attended. 

And I’ve been to many. Well done.” 

-2005 Orlando course attendee 
HANDS-ON COURSES

YOU MUST PRE-REGISTER!

Windows Scripting and Automation Course

YOU MUST PRE-REGISTER FOR THE VBSCRIPT COURSES. 

You will need to bring your own laptop computer 
with power cord and CD-Rom drive. 

See Web site for configuration details. 


www.WinConnections.com 


You must be registered for the conference to attend the 
scripting and automation course. 


MONDAY, APRIL 2 VBSCRIPT MASTER COURSE 

Take VBScript further with scripting guru Don Jones! Learn to utilize databases
within your scripts to build more effective and powerful script-based tools.
Learn to use the complex WSF format (which Don conveniently de-complicates
for you) to build command-line tools by using VBScript, a great way to
share your scripts with less experienced technicians. You'll also learn to build
a graphical user interface for your scripts using HTML Applications (HTAs).
Don rounds out this Master Course with a thorough debugging methodology
that will get your scripts up and running faster than ever. Requires attendance
at the VBScript Basic Training pre-conference workshop, or equivalent independent
experience. This is not an introductory course and assumes prior
knowledge of WMI, ADSI, and the VBScript language.

This is a three-part course. You must sign up for Part 1, 2 and 3. 


TUESDAY, APRIL 3 POWERSHELL MASTER COURSE

Go beyond the basics and make Windows PowerShell a workhorse for administrative
automation and reporting. Scripting guru Don Jones helps you learn
complex functionality like how to utilize databases, how to work with regular
expressions, and even an introduction to building a graphical user interface
from PowerShell's command line. Learn about formatting, sorting, and filtering
options that make your PowerShell commands and scripts more effective,
and learn best practices for writing effective, maintainable PowerShell
code. Requires attendance at the Windows PowerShell Basic Training pre-conference
workshop, or equivalent independent experience. This is not an
introductory course.

This is a three-part course. You must sign up for Part 1, 2 and 3. 


sell out quickly. 
■ WINDOWS

SESSIONS PRESENTED BY MICROSOFT 



Immerse yourself in the latest Windows administrative technologies
(Windows Vista, Windows "Longhorn" Server, WDS, Virtualization,
and more) with experts from Microsoft Corporation and world-renowned
subject matter experts! Windows Connections offers the
deepest and most relevant education for Microsoft Windows administrators,
especially in this time of important new products and technologies.

Microsoft is bringing major changes for 2007, and now is the time for
you to quickly come up to speed. Be prepared for the newest technologies
and products, through the real-world experience of our expert presenters
and instructors. "Insider" details help you make sense of new
technologies, apply them to your environment, and master them faster
and more effectively.

■ For Windows Vista, learn about hidden security truths, volume license
activation (a major deployment hurdle if you're not ready), new Group
Policy settings, application compatibility issues, and top features that
will save you time and money, and that you're likely to overlook!

■ For Windows "Longhorn" Server, the next generation of Microsoft's 
server platform, learn what's changed in Active Directory Services, 
how name resolution has changed, and how File Replication Services 
have been superseded by DFS-R. 

■ General Windows Technologies changes speed up deployment and reimagine
the way your enterprise works. Learn about Windows
Deployment Services, automated provisioning of secure business data
shares, how SharePoint will replace your file servers, and how to automate
and improve user and group administration.

■ This is the year of virtualization as hardware and software hypervisor 
technologies converge. Learn about virtualization strategies for the 
enterprise, how virtualization can revolutionize your disaster recovery 
plan, and more. 

■ Become a more effective and efficient administrator through scripting
and automation, including powerful tips in VBScript and a comprehensive
course in Microsoft's newest automation solution, Windows
PowerShell.


IMAGING WINDOWS VISTA 

An important component of the new imaging 
capabilities provided with Windows Vista is the 
Windows Imaging, or WIM, file format. We will 
discuss how this new file-based image format 
provides advantages and capabilities beyond 
typical sector-based imaging solutions. We will 
look at how to capture a Windows Vista image, 
how to view these image files, and edit these 
files and the configuration settings within the 
image files themselves using ImageX. Finally, 
we will look at options for deploying the WIM 
file. The WIM file is installed differently than 
previous images and there are new options for 
deployment within an organization. We are not 
going to go into detail of the deployment 
process but will give an overview of how it 
works and its role in the imaging process. 

WINDOWS "LONGHORN" SERVER 
TECHNICAL OVERVIEW, PART 1 

This is part one of a two-part session discussing
the features of Windows "Longhorn"
Server. In this session, we will look at new features
that will enhance productivity and performance.
We will discuss new features in IIS
and Clustering support. We will also demonstrate
using the new Windows PowerShell for
administration and the new Performance and
Reliability Monitor.

SQL 2005 SECURITY FEATURES 

SQL Server 2005 breaks security down into a
number of distinct areas. We will be introducing
the security concepts that are new to SQL
Server 2005, such as user-schema separation.
We will also see how SQL Server 2005 implements
current security concepts like encryption
in ways that are new to this release. The
session will look at security from the perspective
of the server, the database, and database
objects, and some of the different options you
can use at each level to help secure your data.
The session will also take a look at how you
can monitor the security of your SQL Server.

DEPLOYING VISTA WITH BDD 2007 

Business Desktop Deployment, or BDD, has
changed the face of scaled desktop deployments,
providing true end-to-end guidance and
automation for all required desktop deployment
processes. In this session we will look at
how the deployment toolset has changed for
operating systems. We will look specifically at
how a Windows Vista deployment will be
accomplished. We will see how the new WIM
image format works and how to design a light-touch
or zero-touch deployment of the new
operating system. Finally, we will tour and use
the new Business Desktop Deployment 2007
Solution Accelerator.
WINDOWS "LONGHORN" SERVER TECHNICAL OVERVIEW, PART 2

In this second part of our overview of Windows "Longhorn" Server, we will
provide a brief introduction to Network Access Protection, which will allow
administrators to enforce compliance with health policies for network
access or communication. Also, Terminal Services has undergone some
significant changes and improvements since Windows 2003.

WINDOWS VISTA SECURITY FEATURES

Discover new features in Windows Vista that will help keep the bad stuff
out. We will discuss improvements in the Windows Firewall, IE security features,
User Account Control, Network Access Protection, and more.

GROUP POLICY IN VISTA

This session will describe the new and updated features in Group Policy and
how these help alleviate problems that were present with previous versions
of Windows. With the number of Group Policy settings having increased
from approximately 1,700 in Windows Server 2003 with Service Pack 1 to
approximately 3,000 in Windows Vista and Windows Server "Longhorn," we
will only look at the biggest improvements and give a good starting point
for you to utilize the new Group Policy settings. We will also introduce
Quality of Service policies which are available with Windows Vista.

NETWORK ACCESS PROTECTION IN WINDOWS
"LONGHORN" SERVER

It's not enough to just keep the "bad guys" out of the network anymore.
Authorized users and workstations can also contribute security issues
behind the firewall. Network Access Protection allows you to check the
health of these systems before granting them full access to the network.
We will discuss using NAP with IPSec, DHCP, VPN Policies and more.

SECURING THE BRANCH OFFICE WITH ISA 2006

In this session, we will cover the tasks for deploying an ISA solution in a
branch office. This will involve configuring both the headquarters and
branch office sites, and deploying a site-to-site VPN connection using the
layer two tunneling protocol over IPsec, or L2TP. We will explore the new
performance-enhancing features that can really make a difference for
branch office users, including HTTP compression, content caching, and
traffic prioritization using DiffServ. Finally, we will focus on monitoring ISA
Servers with MOM 2005 and the ISA Server management pack, including
how to deploy the MOM agent to an ISA Server.

WHAT IS FOREFRONT AND HOW WILL IT HELP ME?

Today's security market landscape is complex and fragmented. Poor interoperability,
separate management consoles for each product, and a general
lack of unified event reporting and analysis all present challenges to
the system administrator. Learn how the Forefront family of products can
protect your network and systems including client workstations, Exchange,
SharePoint, ISA, and Office Communications Server.

NEXT GENERATION NETWORKING IN WINDOWS VISTA AND 
WINDOWS "LONGHORN" SERVER 

The Next Generation TCP/IP stack in Windows Vista and Windows Server
"Longhorn" is a complete redesign of TCP/IP functionality for both Internet
Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) that meets
the connectivity and performance needs of today's varied networking
environments and technologies. The Next Generation TCP/IP stack introduces
many security, performance, and scalability improvements. After
we've examined the new features and benefits of the Next Generation
TCP/IP stack we'll discuss how you can prepare your network for IPv6.

WINDOWS DEPLOYMENT SERVICES TECHNICAL OVERVIEW 

In this session, we will look at how WDS takes advantage of the Windows
Imaging, or WIM, file format. WDS is actually made up of several components
to form a unified deployment solution. We will explore each of these
components to see how they interact. The management component of WDS
is simplified to provide an easy solution for administrators; we will show
how using the simplified management with WDS will allow companies to
reap these benefits.

IDENTITY AND ACCESS MANAGEMENT 

As organizations grow, they tend to accumulate multiple systems and
standards for storing, managing, and using digital identities. These systems
can include directory services, human resource (HR) databases,
financial systems, and custom applications, in addition to Web sites for
employees, customers, and partners. The complexities that result from
having multiple identity systems and standards generate higher costs,
management overhead, and security issues that grow as the size of the
environment increases. Implementing an identity and access management
solution can help organizations take control of their environments and
reduce the complexity.


WINDOWS VISTA FIREWALL AND ADVANCED SECURITY 

In this session, we are going to look at features of firewalls in general and 
specifically the firewall included with Windows operating systems. We will 
be using some of the features in previous versions of Windows Firewall to 
highlight the new benefits of the Windows Firewall with Windows Vista. 
Vista provides greater configuration options resulting in greater security 
for different connection methods, such as LAN or wireless connections. We 
will look at ways to configure exceptions for more control over incoming 
and outgoing traffic. 


SESSIONS AND SPEAKERS 
ARE SUBJECT TO CHANGE. 
SEE WEB SITE FOR UPDATES 
AND ADDITIONAL SESSIONS. 


UNIX INTEROPERABILITY IN WINDOWS "LONGHORN" 

We live in an increasingly integrated world where Windows servers must play
in the same sandbox with many other operating systems. In this session,
we will discuss interoperability improvements in Windows "Longhorn"
server that allow Windows and Unix-based systems to live together in better
harmony.
WHAT'S NEW IN DIRECTORY SERVICES
FOR LONGHORN SERVER? 

SEAN DEUBY 

A lot of work has been done on Active Directory
for Longhorn Server with features that give you
more flexibility in your directory than you've
ever had. In this session, you'll learn about better
security for DCs in insecure locations, improved
ways to promote and demote DCs, and finally the
ability to safely grant administrator rights to
operators on some DCs. It is time to start thinking
toward your Longhorn future!

IDENTITY MANAGEMENT 
FUNDAMENTALS 
JAN DECLERCQ 

This session provides an extensive introduction
to identity management. It explains the concept
of a digital identity and how it can be used in different
contexts. The session pays special attention
to the identity management components in
the data repository, security, lifecycle, consumable
value and management areas. It also introduces
identity management-related standards
and looks at what solutions Microsoft can offer
in this space.

NEW FEATURES IN PKI AND 
CERTIFICATES FOR LONGHORN 
AND VISTA 

BRIAN KOMAR 

Brian Komar, one of the leading "gurus" in 
Public Key Infrastructure, shares his insights 
into the changes to PKI and Certificates in 
Windows Vista and Windows "Longhorn" Server. 
Learn what you need to know to prepare to 
implement these technologies, and what they 
mean to your business. 

NETWORK ACCESS PROTECTION IN 
WINDOWS VISTA AND LONGHORN 
STEVE RILEY 

Many organizations wish to limit access from and
prevent damage caused by rogue, unmanaged
machines. This is a challenge because the underlying
network protocols were designed primarily
to facilitate ease of communications, not to provide
robust authentication or permission checking.
Many products are becoming available to
help control access into a network, based on a
variety of existing technologies: DHCP, 802.1X, and
IPsec are the most popular. Steve Riley will
explore Microsoft's Network Access Protection
(NAP) offering, included as part of Windows Vista
and Windows "Longhorn" Server.


REIMAGINING THE FILE SHARE: 
AUTOMATING AND PROVISIONING 
SECURE BUSINESS DATA SHARES 
DAN HOLME 

Whether for security, compliance, or manageability,
the time has come for IT organizations to
reexamine how they manage traditional file
shares. This practical, solutions-focused session
will present a vision for role-based, provisioned
management of shared data folders. You will take
away tools and a punch-list of processes that you
can adapt to your enterprise's requirements to
achieve that vision. Participants in this session
are expected to have a solid understanding of
access control lists (ACLs) and group management
in Active Directory.

DEPLOYING AND MANAGING SMART 
CARDS WITH CERTIFICATE LIFECYCLE 
MANAGER 

BRIAN KOMAR 

Certificate Lifecycle Manager (CLM) allows you to
manage software and smart card certificates in
your network through the lifetime of the certificates.
This session provides an overview of the
product, how it integrates into your existing PKI,
and identifies how the product will help you in
your future certificate deployments.

WINDOWS VISTA SECURITY:
THE HIDDEN TRUTH
MARK MINASI

Vista's more than just a pretty face. Its security 
innards have been ripped out and replaced with 
a new and almost completely different security 
engine. But it's not just security geek internals, 
friends: it's some whole new paradigms. For 
example, what's going on with those User Access 
Control dialog boxes behind the scenes? Think 
you know what's in a SID? Not any more... and get 
ready for a whole new layer of security, the 
Mandatory Integrity Controls. MIC's the thing that 
could make it nearly impossible for you to delete
any file in System32, even if you're an administrator.
Ah, have we got your attention now? Then
don't miss this session!

COMMON ACTIVE DIRECTORY ATTACKS 
AND HOW TO PROTECT AGAINST THEM 

JAN DECLERCQ 

This session provides examples of common
attacks against Active Directory and also shows
how you can protect your enterprise directory
against them. The attacks addressed in this presentation
include password cracking-, elevation of
privilege- and denial-of-service-based attacks.


EVERYTHING NEW IN VISTA AND SERVER 
EVENTS AND EVENT LOGS 
RHONDA LAYFIELD 

Join Rhonda Layfield for an in-depth look at the 
overhauled event logs and eventing subsystems 
of Vista and Longhorn. Learn how to navigate the 
logs, consolidate, locate, and interpret events. 

WINDOWS VISTA FIREWALL WITH 
ADVANCED SECURITY: A DEEP-DIVE 
DOUG SPINDLER 

Administrators may be familiar with the basic
firewall found in Vista, which is very similar to
the firewall found in Windows XP. In Vista, IT Pros
will discover that Microsoft enhanced the functionality
of the basic firewall with Windows
Firewall with Advanced Security. The Advanced
Security Firewall will allow IT Admins to have
much more control over firewall settings such as
source and destination IP addresses, IP protocol
number, source and destination Transmission
Control Protocol (TCP) and User Datagram
Protocol (UDP) ports, interface types, Internet
Control Message Protocol (ICMP), and ICMP for
IPv6 (ICMPv6). The new advanced security firewall
in Vista offers a new level of security and
functionality in Vista including the ability to filter
inbound and outbound traffic. The new firewall is
just one more reason why you will want your
users using Vista.

THE FILE SERVER IS DEAD: 
IMPLEMENTING WINDOWS SHAREPOINT 
SERVICES DOCUMENT LIBRARIES 
DAN HOLME 

After a short life of barely a decade, the Windows
Server shared folder is dead, or at least on life
support. Why? Because the features that we've
all been missing (version control, version history,
extensibility, and workflow) are now achievable
using Windows SharePoint Services document
libraries. Learn how to move forward into a new
era of document management in this practical
introduction to WSS.

DISTRIBUTING YOUR DATA WITH DFS
NAMESPACES
SEAN DEUBY

DFS Namespaces is one of the greatest features
in Windows Server that's not widely known. A significant
improvement over the original
Distributed File System in Windows 2000, learn
how to use DFS Namespaces to quickly and easily
build, manage, and delegate an easy-to-use
enterprise virtual folder structure.

MOVING TO 64-BIT WINDOWS 
GUIDO GRILLENMEIER 

2006 is the year in which 64-bit computing has
gone mainstream and its adoption will continue
to grow at fast pace in 2007. The availability of a
powerful x64 processor architecture that is backward
compatible with the prevailing x86 architecture
and the availability of Windows Server x64
editions that leverage this architecture allow a
smooth migration path for customers into the
new 64-bit world of computing. This session
describes the most important things to know
about 64-bit and the related Windows Server
2003 and Longhorn operating system versions. It
differentiates the two 64-bit architectures supported
by Windows (x64 and Itanium) and
describes appropriate business cases for leveraging
64-bit today. Special focus will be put on
32-bit compatibility challenges and solutions as
well as discussing deployment scenarios for the
Windows 64-bit versions and the support of well
known server applications when executed on a
Windows x64 server operating system.

NAME RESOLUTION 2008 STYLE: DNS,
WINS, AND NETBIOS IN LONGHORN

MARK MINASI

Soon we'll have "NT Server 6.1", Vista's big brother,
also known as Server 2007, 2008, or Longhorn.
And with that comes improvements in, well, just
about everything, including one of Windows' most
important pieces of plumbing: name resolution.
Yes, you've heard it before, but with Longhorn, it
looks as though WINS may really, finally, actually...
die. Or not; we'll see. Besides the changes to
WINS, the big name resolution story is, of course,
DNS. What's new in 2007/8 DNS? And, better, what
small features of 2003's DNS might you be missing
out on? Come to this session with The Master
of Name Resolution, popular speaker and writer
Mark Minasi, to find out!

UNDERSTANDING AND 
TROUBLESHOOTING WINDOWS SERVER 
2003 AUTHENTICATION 
JAN DECLERCQ 

This session focuses on the nuts and bolts of
the Kerberos authentication protocol: the basic
protocol exchanges, the protocol's strengths
and its operation in a single- and multidomain
and multiforest environment. The session also
addresses the new key features of the Kerberos
implementation in Windows Server 2003 and R2:
these include the support for protocol transition,
constrained delegation, and user-to-user
authentication.

DFS-R: THE GOOD, THE BAD, AND THE
NON-REPLICATED
RHONDA LAYFIELD

Windows Server 2003 delivers a new mechanism
for replicating data in DFS Namespaces called
DFS-Replication or DFS-R. DFS Namespaces are
incredibly easy to set up and they seem to just
magically replicate from one server to another.
But what happens when the magic wears off or
when replication fails? In this session, you will
learn how to monitor and troubleshoot the new
DFS-R to keep the magic alive in your enterprise.
Rhonda will share useful command-line tools that
configure the client to fail-over to a specific
server. She will also dig deep into the replication
mechanism to expose the inner workings of
cross-file RDC. You'll discover how DFS-R determines
what has changed in a file and replicates
only the changes, not the entire file, conserving
network bandwidth utilization.

CHANGES IN DELEGATING ACTIVE 
DIRECTORY IN LONGHORN 
GUIDO GRILLENMEIER 

Active Directory enables administrators to assign
permissions to all directory objects at a very
granular level. Enterprise environments need to
leverage this capability to differentiate who can
see or do what in which part of their directories.
However, the granularity of permissions in Active
Directory can be hugely overwhelming and needs
to be applied and managed correctly. This session
will recap the challenges of delegating
administrative permissions in AD and describe
the upcoming changes in Longhorn Security as
they are relevant for AD delegation. It will cover
typical scenarios for management of Active
Directory objects in large enterprises, answering
such critical questions as: How can I differentiate
between admins that can create objects and
those that can manage or delete them? How do I
best manage the new options to separate the
admin role on Read-Only-DCs? It will also highlight
and explain many of the not-so-well-known
features around AD delegation that are lingering
in your Windows Server 2003 AD infrastructures.

WHAT'S NEW IN WINDOWS VISTA 
GROUP POLICY? 

JEREMY MOSKOWITZ 

Short answer: lots. So come hear the essential
"what every admin absolutely needs to know"
about Windows Vista and Group Policy. Learn why
you need a Windows Vista management station.
Learn how to get out of burning 5MB per GPO on
each DC. Learn about the new things you can do
(like power management and USB port management),
only for Windows Vista clients. If you've
got even one Windows Vista client that you're
going to deploy, you positively must come to this
session to learn the ropes from Jeremy
Moskowitz, Group Policy MVP.

FRS RIP: DFS-R REPLICATION AND 
SYSVOL IN WINDOWS SERVER 
RHONDA LAYFIELD 

Longhorn Server will use DFS-R to replicate your
sysvol data. If you have ever had the need to
troubleshoot a sysvol replication failure (maybe a
group policy object which dictates your clients'
security settings failed to replicate to one specific
domain controller, so the clients in that site do
not receive the security settings), then you know
the joys of troubleshooting sysvol replication.
Learning the step-by-step process DFS-R uses in
the replication process will be a huge help. This
session is an in-depth look at DFS-R and the
known issues you may possibly run into. This session
also contains information that is not yet
documented. Learn the process now and be one
step ahead of any issues you may encounter!

VIRTUALIZATION STRATEGIES AND 
TECHNOLOGIES FOR THE ENTERPRISE 

ALAN SUGANO 

Server and application virtualization in the
enterprise environment continues to rise in popularity.
As server hardware becomes more powerful,
much of the processing power of the server
is wasted. Server virtualization allows you to
efficiently use the processing power of new
servers and the 64-bit platform by consolidating
multiple physical servers onto a single virtual
server host. We'll examine ESX Server and
Microsoft's Hypervisor technologies and how
they work with server virtualization. Application
virtualization allows you to run applications on
workstations without having to install the application
on each workstation. This simplifies patch
management and significantly reduces the time
to roll out new or upgraded applications.
Virtualization has the potential to save money,
reduce server setup time, provide a flexible test
environment, speed up disaster recovery, and
still provide high availability.

GOODBYE RIS, HELLO WDS 
JEREMY MOSKOWITZ 

RIS is dead. Long live, RIS, er, WDS, which replaces
RIS. What was RIS? An in-the-box way to deploy
scripted, hands-off installs for Windows XP and
Windows 2003. What's WDS? The all-new, in-the-box
way to deploy scripted, hands-off installs for
Windows Vista, Windows XP, and Windows 2003.

If you're using RIS today, you absolutely MUST 
come to this session to know how to upgrade 
your RIS servers. If you're flirting with Vista 
installation, learn one unified way to zap out 
Windows Vista and Windows XP. 

REIMAGINING THE MOBILITY AND
AGILITY OF USER DATA: FOLDER
REDIRECTION, ROAMING PROFILES,
AND OFFLINE FILES
DAN HOLME

Windows Server 2003, Vista, and XP offer important
functionality to ensure that data is available
and secure. But until you start managing the
intricacies of the technologies, your organization's
data is difficult to access or take offline,
challenging to protect, and intellectual property
is exposed. In a worst-case scenario, critical user
data is stored only on users' machines and is
exposed to complete loss. Or, misguided corporate
mandates lead too quickly to full-disk
encryption. In this practical session, you will
learn best practices for putting the pieces
together: folder redirection, user profiles, offline
files, encryption, Group Policy, ACLs, and shares.
Participants are expected to have a very solid
understanding of most or all of these technologies,
or be ready to learn them offline. This
advanced session prepares you to take away
ready-to-implement, useful solutions to corralling,
securing, and managing corporate data.

APPLICATION VIRTUALIZATION 

ALAN SUGANO 

End the patch management hell. Application virtualization
allows you to run applications without
having to install the application on each workstation.
This simplifies patch management and significantly
reduces the time to roll out new or
upgraded applications, because patches are
installed once on the application server and not
individually on each workstation. We'll take a
look at Microsoft's Softricity technology and how
it handles local, remote, and disconnected clients
and their applications. This technology also leads
to the software as a service directive that many
companies see as an industry trend. Application
virtualization also ties into disaster recovery
because it significantly reduces the prep time for
workstation recovery. Application virtualization
can reduce patch management headaches,
reduce the time to roll out new applications, ease
rollback of problematic patches, allow users to
run different versions of the same application,
and speed up disaster recovery. See if this
technology is a good fit for your company.

DEBUNKING SECURITY MYTHS 2007 
STEVE RILEY 

Let's see now, if we just tweak this setting here 
and that setting over there and the other setting 
... um, where was that setting again? Sounds
familiar, huh? Security tweaks often make you
feel good because, after all, you've done something!
Alas, tweaks are usually nothing more than
pure "security theater," designed more to satisfy 
poorly written auditing requirements than really 
making a system more difficult to attack. Steve 
Riley will expose several common security myths 
and explain why they provide little (if any) value. 

SESSIONS AND SPEAKERS 
ARE SUBJECT TO CHANGE. 

VOLUME ACTIVATION 2.0 IN VISTA AND
LONGHORN SERVER 

SEAN DEUBY 

Think you finally understand Windows licensing? 
Think again! Every single Vista and Longhorn system
requires a Volume Activation infrastructure
or they'll come grinding to a halt after you've 
deployed them. Designing for VA 2.0 will be a 
critical part of your Vista/Longhorn deployment, 
so check out this session and be prepared. 

IMPACT OF EXCHANGE 2007 ON YOUR 
ACTIVE DIRECTORY 
GUIDO GRILLENMEIER 

Exchange 2007 is one of those applications that 
will have quite an impact on your Windows infrastructure
once you choose to deploy it. This
includes the fact that the deployment of
Exchange will force you to implement 64-bit versions
of the Windows OS. It will also introduce
changes to your Active Directory, including how 
you delegate the management of messaging- 
related attributes and how you configure your AD 
Site Topology. And while there is no immediate 
dependency to update your Active Directory 
Domain Controllers to 64-bit Windows as well, 
various features of Exchange 2007 will have quite 
an impact on the amount of data stored per user 
in your Active Directory. So should you upgrade 
your AD DCs to 64-bit after all? This session will 
answer this and other questions by describing 
how the different features in Exchange 2007 
could impact your Active Directory. 

CRACKING THE DAVISTA CODE: 

THE BEST THINGS YOU'RE NOT USING 
IN VISTA 
MARK MINASI 

So you got yourself some powerful PCs and you 
put Vista on your desktop. Pretty neat, eh? But it 
might be neater, you know. After all, Vista's basically
a complete re-write of Windows. So while
everyone's focused on Aero Glass or previous
versions, it's easy to miss some of the
not-so-obvious but useful things in the latest version of
Windows: things like takeown, icacls, or Vista's
ability to resize already-formatted partitions
without having to reformat them, to name just a
few. Join Mark Minasi, author of Administering
Vista Security: the Big Surprises and
Mastering Windows Vista Business, in his
quest to squeeze the last bit of neat new functionality
out of Vista, while perhaps getting a few
laughs in the process! 


APPLICATION COMPATIBILITY FOR 
WINDOWS VISTA 
JEREMY MOSKOWITZ 

You've got Vista and now you've got problems. 
Why? Because you've got applications which 
work TODAY in XP, but maybe not so much in 
Vista. What are you going to do? We'll start off 
with the Application Compatibility Toolkit (which 
does a lot more than you might think) and show 
you some tips and tricks to make the applications
you already have work better in Vista.

SERVER HIGH AVAILABILITY 
TECHNOLOGIES 

ALAN SUGANO 

This session will explore high availability solutions 
from Microsoft and third-party vendors. We will 
examine lower-end solutions like SQL Server Log 
Shipping and Database Mirroring that are included 
with SQL Server 2005, server mirroring from third- 
party vendors like Neverfail and Doubletake, 
Microsoft's Server Cluster Solution, SAN options, 
and how to leverage virtualization technologies, 
such as VMWare's ESX Server with VMotion, as 
options for high-availability. The discussion will 
prepare you to determine which high availability 
solution is the best fit for your company based on 
your budget and uptime requirements. 

WINDOWS SERVER UPDATE 
SERVICES 3.0 
DOUG SPINDLER 

Patch management has kept many an IT 
Professional busy over the years. Keeping a 
machine patched and up to date is probably one 
of the least rewarding tasks for an IT Professional. 
Several years ago, Microsoft released a free patch 
management server, but few IT Pros actually 
implemented it. The Patch Management Server or 
Windows Server Update Services (WSUS) is now on 
version 3. There is no reason not to have WSUS 
running where you work. In this session, we are 
going to show you step-by-step how to install a 
WSUS server first without Active Directory, and 
then with Active Directory. Everyone who attends 
this session will leave knowing how to set up and 
deploy a WSUS server. 

FILE AND DISK ENCRYPTION WITH EFS 
AND BITLOCKER 

BRIAN KOMAR 

Plug potential data "leaks" by encrypting user 
systems. Explore the pros and cons of Encrypting 
File System (EFS) and Windows Vista BitLocker
during this practical, technical session. 

Microsoft Office 2007:

Deployment Strategies and Techniques 

The new Microsoft information worker platform is here: 
Microsoft Office 2007. Far more than just new versions of 
Word and Excel, Office 2007 is the new groupware client, 
information worker portal, and collaboration platform for 
Microsoft technologies. Leveraging server technologies in 
Windows, Exchange Server, and SharePoint Server, and 
based upon the advanced client platform technologies in 
Windows Vista, Office 2007 is simply a must-have new suite. 
Are you ready for it? 

Rely on Office Connections' expert presenters to share inside 
tips and tricks, and their deep, thorough experience to make 
Office 2007 deployments easier, more efficient, safer, and 
more effective. Learn what makes Office 2007 tick, and learn 
about the features your users will be relying on to do their 
jobs, and learn how to deliver those features in an effective,
enterprise-friendly fashion. 

MIGRATING TO SHAREPOINT SERVER 2007 

In this session we are going to look at the upgrade and migration process of 
the new Office SharePoint Server 2007 in conjunction with the newest version 
of Windows SharePoint Services. Once you have decided to upgrade, you have 
several options of how to carry out the upgrade process. We are going to 
explain these upgrade alternatives, along with the advantages and disadvantages
of each choice. With each upgrade approach come additional considerations.
This includes how to handle customizations and how to address the
upgrade if you use shared services. We are going to address these concerns 
and give possible solutions. In addition, we will give tips for pre-upgrade and 
post-upgrade steps and best practices. 

SESSIONS AND SPEAKERS ARE SUBJECT TO CHANGE. 
SEE WEB SITE FOR UPDATES AND ADDITIONAL SESSIONS. 


PLANNING FOR AND DEPLOYING SPS 2007 

We will introduce the three-tier administration model: central administration, 
shared services, and site settings. Each component will be explained as well as 
some common usages. We will also explain various security topics including 
permissions. Finally, we will look at the deployment options. We will provide 
some considerations for determining the correct topology to use. We will use 
scenarios to go into detail of four different topologies. The simplest of these is 
a single server deployment, and then the options progress to farm options, 
from small to large. 

NEW TOOLS AND TECHNIQUES FOR DEPLOYING THE OFFICE 
2007 SYSTEM 

The 2007 release of the Microsoft Office System offers several new tools to 
speed and simplify the client deployment process. In this session, you are introduced
to the new Setup and Customization technologies (only one tool now
instead of all those wizards!) in addition to the new Office Multilingual architecture.
This presentation offers a drill down of each tool, guidance for their use,
and suggestions for making your deployment a success. 

SECURITY AND SHAREPOINT: FROM SERVICE ACCOUNTS TO 
ITEM-LEVEL ACCESS 

In this session we are going to discuss the security methods for Windows 
SharePoint Services 3.0 and Office SharePoint Server 2007. We will go over different
authentication methods, as well as benefits and limitations with these
authentication methods. We will discuss the management of permissions and
their role with SharePoint groups. We will go over the different permission levels
and new permissions available with SharePoint 2007. We will also review
access rights that can be used with the SharePoint server. We will discuss the
configuration of a Web Farm and review the Web Farm topology, secure topology,
secure communication, and security hardening.

WHAT'S NEW IN THE MICROSOFT OFFICE 2007 SYSTEM? 

CLIENT FEATURE WALKTHROUGH 

The innovations in the 2007 Microsoft Office System client applications are significant
and range across every aspect of the programs. This session provides
an intense high-level tour of these major areas of innovation, including: (1) 
demonstrations of the most important new capabilities in each of the client 
applications, (2) insights into migration and coexistence with the new Microsoft 
Office Open XML file formats, (3) examples of client integration with the new 
Office SharePoint Server 2007, and (4) a fast-paced overview of the new 
streamlined Microsoft Office User Interface. 


CONFERENCE SESSIONS OFFICE 


INTRODUCTION TO KNOWLEDGE 
NETWORK 

DOUGLAS RYAN VANBENTHUYSEN 

Learn how Knowledge Network (KN) is positioned
within the world of social and professional networking.
This session will review basic KN functionality,
examine how to address privacy concerns,
and suggest some advanced KN uses.

WHAT'S NEW IN ACCESS 2007? 

ALISON BALTER 

Access 2007 includes a plethora of new features. 
This session provides the attendee with a tour of 
Access 2007. The tour will begin with an exploration
of the many new form and report features
that facilitate the rapid development of new and 
existing forms and reports. Other topics covered 
in this session include what's new with tables, the 
new and improved embedded macros, and what's 
new with importing and exporting. After attending 
this session you will be compelled to include 
Access 2007 as both an end-user and developer 
tool within your organization. 

CONTENT TYPES IN SHAREPOINT 
DOUGLAS RYAN VANBENTHUYSEN 

Explore the new SharePoint content type feature. 
This session will explain the value of content types
and show how to create and associate multiple
content types with a single document library. 

BUILDING INFOPATH FORMS THAT RUN 
AS BOTH RICH CLIENT AND BROWSER 
APPLICATIONS 
DAVID GERHARDT 

Examine the new support for server forms in 
Office InfoPath 2007. This session will review new 
InfoPath features but will focus on the "design 
once" concept, which allows for a single form 
template to be used for both rich-client and 
browser applications. 

WHAT'S NEW IN ACCESS 2007
SECURITY? 

ALISON BALTER 

Access 2007 security is extremely different than 
that of its predecessors. For example, Access 2007 
security eliminates user-level security. These 
changes to security have major implications on 
the applications that employees in the organization
build. This session covers new topics such as
using an Access 2007 database in a trusted location,
packaging, signing, and distributing an
Access 2007 database, and encrypting an Access 
2007 database. It also covers how security works 
with databases created in other versions of 
Access. Finally, it covers the process of running 
unsafe expressions. All of these topics are vital for 
securing and successfully working with an Access 
2007 database. 

USING SHAREPOINT DESIGNER AS A 
WORKFLOW TOOL 

DOUGLAS RYAN VANBENTHUYSEN 

Examine the workflow capabilities of Office 
SharePoint Designer 2007. This session will explore 
the conditional logic that you can build with 
SharePoint Designer workflows and review the 
actions that can be performed against SharePoint 
list items. 

GROOVE 2007: GETTING PEOPLE TO 
WORK TOGETHER 
DOUG SPINDLER 

Have you ever worked as a team member in a 
workgroup in which documents were e-mailed to 
the members of the team for review? If so you will 
quickly realize that tracking all of the changes and 
knowing which team member has the most up-to- 
date document is quite confusing. This is where 
Groove fits in. In this session, we will take a look at 
real-world solutions where we have used Groove 
Service and Groove Server to provide document 
management solutions for team members from 
company workgroups. We will show you how large 
corporations are using Groove Server and how 
mid-size law firms, advertising agencies, and nonprofits
are using Groove Service to work together
on projects. 

LEVERAGING ONE OF SHAREPOINT'S 
FORGOTTEN GEMS, PART ONE: 

HARNESS THE POWER OF CUSTOM LISTS 
CA CALLAHAN 

WSS is often simply written off as a document 
sharing tool. But au contraire, it can be much 
more than that. Come see how to unlock the hidden
database potential of WSS, creating custom
lists that allow you to enable your users to access,
enter, and display shared data (like inventory,
sales, and more). Watch how WSS can become a
data management tool with built-in security capabilities,
reporting, and more.

LEVERAGING ONE OF SHAREPOINT'S 
FORGOTTEN GEMS, PART TWO: 

HARNESS THE REPORTING POWER OF 
CUSTOM VIEWS 
CA CALLAHAN 

Every list, table, or database is simply comprised 
of records of data. And although that's nice, on its 
own it's not that nifty. It's not enough to simply 
add data, and it's not enough to simply have it 
stored somewhere. You have to be able to see it, 
to query it, to "use" it. And that's what SharePoint 
lists and their views are all about. Come see how 
to use the power of view customization and learn 
a whole new way of using SharePoint. 

LEVERAGING ONE OF SHAREPOINT'S 
FORGOTTEN GEMS, PART THREE: 
HARNESS THE POWER OF THE SIMPLE, 
BUILT-IN, LIST VIEW WEB PARTS 
CA CALLAHAN 

Web Parts are usually considered for developers 
only, but that's just not true. Come see the third 
and final installment of the forgotten gems series, 
and learn how to use Web Parts to your advantage.
Don't just fill your home page with stock
market tickers and sports stats; learn how to 
leverage custom lists and their views to make 
your site's home page more relevant and useful 
(without becoming a developer). 

END-TO-END SOLUTIONS WITH THE 2007 
RELEASE: DEVELOPING FOR IT PROS 
DAVID GERHARDT 

Review an end-to-end solution for a sample building
permit application process. This session will
show how Office InfoPath 2007 and Office 
SharePoint Designer 2007 were used together to 
build a solution that needed only a minimal 
amount of custom code. 

FRONT-ENDING SHAREPOINT 
WITH ACCESS 
ALISON BALTER 

Access 2007 is tightly integrated with SharePoint. 
This session provides the attendee with everything
that they need to know about working with
Access 2007 and SharePoint. Topics covered
include why SharePoint and Access 2007 are
important tools within the organization, how to
move your database to a SharePoint site, and how
to open and work with SharePoint lists from within
Access 2007. It will also cover how to integrate 
with the SharePoint workflow, how to work with 
SharePoint services offline, and how to map 
Access data to SharePoint data. All of these topics 
are necessary when integrating Access 2007 and 
SharePoint. 

TEMPLATES AND CUSTOM STYLES WITH 

OFFICE WORD 2007 

DOUGLAS RYAN VANBENTHUYSEN 

Explore the use of custom styles in an Office 
Word 2007 template, including the interaction 
between themes, templates, and styles. You will 
learn convenient ways of applying styles, which 
includes assigning keyboard shortcuts, placing 
styles in the ribbon, and applying custom styles 
to custom themes. 

SHARING INFORMATION WITH 
MICROSOFT OFFICE EXCEL AND EXCEL 
SERVICES 2007 
BOB MIXON 

Excel Services, provided by Microsoft Office 
SharePoint Server 2007, gives users the ability to 
publish and share Excel workbooks in a central 
location. Once published, a user can access all or 
part of those workbooks through their browser 
using Microsoft Office Excel Web Access. In this 
session, I will demonstrate how to publish Excel 
workbooks to Excel Services and utilize various
features, such as limiting what sheets and/or cell
ranges will be displayed. In addition, I will demonstrate
how to use browser-based parameters, giving
users the ability to plug in specific cell data.

MICROSOFT OFFICE FORMS SERVER 
2007: DELIVERING FORMS WITHOUT CODE 
BOB MIXON 

In the past, delivering complex browser-based 
forms to our customers required the experience of 
an ASP.NET developer. With the combined features 
of Microsoft Office InfoPath 2007 and Microsoft 
Office Forms Server 2007, many of these efforts 
can be pushed out to the line of business. This 
session will demonstrate the ease of implementing
browser-based forms that have rich features
such as field-level validation, all without writing a
single line of code. In addition, I will demonstrate
the means by which these forms can be integrated 
with Microsoft Office SharePoint for data storage. 

WORKSHOPS

PRE-CONFERENCE WORKSHOPS


Pre- and Post-Conference Sessions Boost 
Your Expertise! 

Pre-Conference Workshops: 

Sunday, April 1, 2007 

Post-Conference Workshops: 

Thursday, April 5, 2007 

Windows Connections and Exchange Connections
offer additional, optional pre- and post-conference
half-day sessions. Extend your educational experience 
and gain additional expertise, including fundamentals 
that make the main-track sessions more relevant and 
comprehensible for newcomers. 

Pre- and post-conference session selections are 
available when you register. 




9AM - 4PM • PRE-CONFERENCE WORKSHOP • EXCHANGE TRACK 

EPR301: MICROSOFT EXCHANGE SERVER 2007 HANDS-ON LABS 
PETER O'DOWD 

Come take a six-hour guided tour of Exchange Server 2007 and see for 
yourself the next evolution of the world's most powerful messaging system. 
Experience the new Management Console, the five new server roles, e-mail 
policy enforcement and compliance, powerful new scripting tool, new architecture,
new high availability and disaster recovery features, new mailbox
features, and methods for migrating from earlier versions of Exchange. 

Sign up fast, seating is limited. 

9AM - 4PM • PRE-CONFERENCE WORKSHOP • WINDOWS TRACK 

WPR201: REIMAGINING THE IMAGE: DEPLOYING, REPAIRING, 
REPLACING, AND UPDATING WINDOWS XP AND WINDOWS 
VISTA CLIENT 
DAN HOLME 

In this fast-paced, intermediate to advanced session, Dan will share with you 
best practices and real-world insight into the design, deployment, and maintenance
of Windows XP and Vista clients. You will learn new, 21st century
approaches to creating perfect (and perfectly supportable) corporate and divisional
desktop and laptop images that can be supported effectively with application,
security patch, and service pack rollouts into the future. You will take
away a deployment methodology that works, and a solid understanding of its 
functionality so that you can further refine the methodology to apply to your 
enterprise. Once you leverage the new capabilities of XP, Vista, and Windows 
Server, your enterprise will be able to roll out and troubleshoot systems faster 
and more confidently than ever before. Some of Dan's clients have cut out the 
costs of vendor-installed images after learning how to better manage image
creation and deployment internally. 

Topics will include Remote Installation Services, Windows Deployment Services, 
ImageX, Windows PE, and powerful methods for scripted deployment of the 
operating system and applications (including Microsoft Office). Participants 
should have familiarity with deployment technologies such as unattended 
answer files, Group Policy, Sysprep, and disk duplication. 

9AM - 12PM • PRE-CONFERENCE WORKSHOP • WINDOWS TRACK 

WPR202: VBSCRIPT BASIC TRAINING 
DON JONES 

A crash course in administering Windows with VBScript! Think VBScript is dead? 
Think again: Even Microsoft is using it in Windows Server 2007/2008; for many 
jobs, VBScript is still the right tool. Scripting guru Don Jones, author of 
Managing Windows with VBScript and WMI and co-author of Advanced 
VBScript for Windows Administrators, teaches you everything you need to 
know about VBScript, Windows Management Instrumentation (WMI), and Active 
Directory Services Interface (ADSI), with no prior experience required. You'll
even learn Don's tips and tricks for scripting faster and more effectively, including
great tips on debugging and bug prevention.

1PM - 4PM • PRE-CONFERENCE WORKSHOP • WINDOWS TRACK 

WPR203: WINDOWS POWERSHELL BASIC TRAINING 
DON JONES 

Learn the basics of Microsoft's newest tool for administrative automation: 
Windows PowerShell. Scripting guru Don Jones, co-author of Microsoft 
Windows PowerShell: TFM, and a half-dozen other books on scripting
and automation, introduces you to Windows PowerShell's interactive capabilities
and its scripting language. You'll learn to use cmdlets, write basic
scripts, and more. More importantly, you'll be able to perform real-world 
tasks like query Windows Management Instrumentation, work with Active 
Directory objects, manage computers' local security accounts, manage 
services, processes, and security, work with the registry, and much more. 
Bring a laptop with Windows PowerShell installed and be prepared to follow 
along as Don whizzes through the basics of this exciting new shell. Perfect 
if you're looking at Exchange Server 2007, which has its administrative 
functionality built upon Windows PowerShell! 

9AM - 4PM • PRE-CONFERENCE WORKSHOP • OFFICE TRACK 

OPR202: WINDOWS SHAREPOINT SERVICES DEMYSTIFIED
CA CALLAHAN 

An IT professional's guide on how to install, set up, and administer WSS 3.0 
with an overview of what it is and what it does. Includes topics such as 
what Windows SharePoint Services are and how they differ from MOSS; what
WSS does to the server under the hood; dos, don'ts, and best practices from
an administrator's point of view; and what the heck a document library
actually is. Learn what to consider when installing WSS; how to use preexisting
libraries, lists, and other out-of-the-box goodies; how to create subsites
(and why); how to manage users, rights, and configure settings that
any administrator needs to know. Attendees will come away with a working
knowledge of Windows SharePoint Services and what to watch out for when
deploying it in their business environment. 

9AM - 4PM • POST-CONFERENCE WORKSHOP • EXCHANGE TRACK

EPS301: EXCHANGE 2007 FOR EXCHANGE 2003
ADMINISTRATORS
JIM MCBEE

There has been a lot of hype and media attention surrounding Exchange 
2007. The Exchange community got its first look at Exchange 2007
in the summer of 2006. But what does the imminent release of Exchange
2007 mean to you as an Exchange 2003 administrator and your users? 

64-bit hardware support, a revamped user interface through a new graphical
user interface or Monad scripts, continuous replication, resource mailbox
support, Edge services, improved mobile support, and unified messaging
will all affect the way we manage our Exchange organizations and the
services we provide to our user community. Topics in this workshop include:

• Determining a migration / upgrade path to Exchange 2007 from your 
current Exchange environment 

• Implementing e-mail lifecycle management 

• Implementing Outlook 2007 using the auto-discovery service 

• Reviewing the new Exchange server roles 

• Using new features for virus protection, spam reduction, 
and content filtering 

• Using the new Exchange Management Console and Monad scriptlets 

• Using local continuous replication to improve availability 

• Implementing Exchange Edge services 

• Reviewing new unified messaging features 

• Taking advantage of resource mailboxes and the scheduling assistant 

9AM - 4PM • POST-CONFERENCE WORKSHOP • WINDOWS TRACK 

WPS301: REIMAGINING IT ADMINISTRATION: ROLE-BASED 
MANAGEMENT, PROVISIONING, AND ACCELERATED 
ADMINISTRATION 
DAN HOLME 

Find out why this workshop is consistently rated as a "best of breed" session,
delivered as a capstone to your Windows Connections experience.

From his work with thousands of IT professionals, from the CIOs of Fortune 
companies to front-line support professionals, Dan Holme has amassed a 
wealth of experience and expertise: solutions which enable you to deliver
real-world best practices within the constraints of real-world budgets and 
technologies. 

ROLE-BASED MANAGEMENT: You will discover how to implement role-based 
management, in which users are defined by their business roles and where 
resource access and configuration are instantly, accurately, and auditably 
applied. Empower your enterprise to enable a documented, auditable structure
for resource security, asset management, and more.

PROVISIONING: You have the technology. Your business has processes. But 
too commonly they are not aligned. Learn how concepts of provisioning can 
enable you to support business processes through easy-to-implement solutions
for scenarios including user management, new and replaced computers,
and group membership tracking, to name a few.

ACCELERATED ADMINISTRATION: Learn the tricks that Dan has developed 
with enterprises large and small to facilitate administration and security. 
Dan will focus on creating highly customized and effective MMC consoles, 
scripts, intranet pages, and toolsets utilizing the native Windows administrative
tools, support tools, and Resource Kit and free third-party utilities.


9AM - 4PM • POST-CONFERENCE WORKSHOP • WINDOWS TRACK 

WPS302: CREATE A TEST ENVIRONMENT, VIRTUALLY AND 
INEXPENSIVELY (HANDS ON) 

RHONDA LAYFIELD 

Have you ever wanted a test environment, but didn't know where or how to 
start? Purchasing new hardware to sacrifice to a test network can be pretty 
costly, not to mention the amount of time it takes to build and maintain the 
test environment. While this task can seem overwhelming, it doesn't have 
to be. This post-conference workshop will give you hands-on experience in 
creating your very own test environment that mirrors your production environment
with built-in disaster recovery! Now think about that for a
second: regardless of the technology you require in your test lab, be it SQL,
Exchange, Active Directory, or a development test environment, these step- 
by-step labs will work for all, and you get to perform them live. 

Participants will be required to bring their own laptop (hardware requirements will be posted 
online), onto which they will install the free VMWare Server product, which will be used to 
create your own virtual test environment live, in class. You will also be able to take these step- 
by-step labs back to work with you and create your own virtual test environment, no muss no 
fuss, and no drain on your budget!! 

9AM - 4PM • POST-CONFERENCE WORKSHOP • OFFICE TRACK 

OPS201: MICROSOFT OFFICE SHAREPOINT SERVER 2007 (MOSS)
WEB CONTENT MANAGEMENT 
BOB MIXON 

Microsoft Office SharePoint Server 2007 has included a very robust feature 
set called Web Content Management (WCM). In this full-day workshop you 
will learn how to plan for, design, and deliver a highly scalable Web Content 
Management Solution. You may have heard about Web Content 
Management, but what does it "really" do and what value does it add to my 
customers? This workshop will provide the details of what WCM is and why 
it is important. It will cover the high-level feature set that we will dive into
throughout the rest of our day. The most important step in any solution is 
to have a workable plan; without this, the risk of failure is very high. In this 
workshop we'll describe best practices for planning and documenting the 
design of your content management solution. In addition, you'll see a 
demonstration of how to create custom column types, content types, and 
associated page layouts. 

Another exciting feature of Microsoft Office 2007 is workflow; without it, 
Web Content Management couldn't exist. This part of the workshop will 
describe and provide demonstrations of both simple and complex workflow 
scenarios that will be common in your workplace. You'll learn how these 
workflows can be attached to your custom content types and set for manual
or automatic initiation. Once you have your Content Management solution
in place, you will need to educate your content authors. With the new
features found in Microsoft Office 2007, content authoring and publishing 
couldn't be easier. You'll see demonstrations of how content can be 
authored using Microsoft Word or the browser. In addition, I will show the 
role workflow plays during the authoring and publication process. 

To wrap up the day, you'll learn various ways of aggregating content and 
displaying it on your site using the Content Query Web Part (CQWP). The 
Content Query Web Part provides a wealth of features, many of which are 
misunderstood. You'll see a demonstration of how to configure and customize
this Web Part to get the results you are looking for.

EVENT INFORMATION

HOTEL INFORMATION 



HOTEL ACCOMMODATIONS 

The Hyatt Regency Grand Cypress Resort, 
One Grand Cypress Blvd., Orlando, FL is 
the conference site and host hotel. SPACE 
IS LIMITED so reserve your room early by 
calling the conference hotline at 
800-505-1201. 

AIRLINE 

Please call Pericas Travel at 
203-562-6668 for airline reservations. 

CAR RENTAL 

Hertz is offering auto rental discounts to 
attendees. Call the Hertz Meeting Desk at 
800-654-2240 for reservations and refer 
to code CV# 010R0031 to receive your 
attendee discount. 

AIRPORT SHUTTLE 

Mears Transportation is the designated 
ground carrier at Orlando International 
Airport. The shuttle may be picked up at 
Level 1 of the airport. The shuttle is available
24 hours a day. The rates to the
Hyatt Regency Grand Cypress hotel are
as follows: One-way is $18.00 and $30.00
round-trip. You may call Mears directly at
407-843-2404 for more information or go
to their Web site www.mearstransportation.com.
Prices are subject to change.


ATTIRE 

The recommended dress for the conference
is casual and comfortable. Please
bring along a sweater or jacket, as the 
ballrooms can get cool with the hotel's air 
conditioning. 




ORLANDO, FLORIDA 


EXTEND YOUR STAY 

Come early or stay late. Bring the family! You are in the land of 
fantasy for children of all ages. Walt Disney World - Magic 
Kingdom® Park, Disney MGM Studios®, Epcot® and Disney's 
Animal Kingdom® Theme Park. In addition, explore Kennedy 
Space Center, Sea World, and Universal Studios Theme Park, or 
take a short drive to beautiful white sand Atlantic beaches. 


TAX DEDUCTION 

Your attendance at a DevConnections conference may be tax
deductible. Visit www.irs.ustreas.gov. Look for topic
513 - Educational Expenses. You may be able to deduct the conference
fee if you undertake to (1) maintain or improve skills
required in your present job; (2) fulfill an employment condition
mandated by your employer to keep your salary, status, or job.

SPONSORSHIP/EXHIBIT INFORMATION 

For sponsorship information, contact: 

Rod Dunlap 

phone: 480-917-3527 

e-mail: rod@devconnections.com 

See web site for more details. www.WinConnections.com 


GROUP DISCOUNT 

Register individuals from one 
company at the same time 
and receive a group discount. 

Call 800-505-1201 to take 
advantage of group discount pricing. 

NOTES & POLICIES: The Conference Producers reserve the right to cancel the conference by refunding the registration fee.
Producers can substitute speakers and topics and cancel sessions without notice or obligation. Updates will be posted on
our Web site at www.WinConnections.com. Tape recording and photography are not allowed at any session. Conference producers
will be taking candid pictures of events and reserve the right to reproduce. By attending this conference you agree to this
policy. You may transfer this registration to a colleague. Please inform us if you have any special needs or dietary
restrictions when you register. The conference registration includes a one-year print subscription to Windows IT Pro. Current
subscribers will have an additional one year added to their subscription. Subscriptions outside of the United States and
Canada will be digital. $25 of the funds will be allocated toward a subscription to Windows IT Pro ($49.95 value).

REGISTRATION & CANCELLATION POLICY: Registrations are not confirmed until payment is received. Cancellations before
March 1, 2007 must be received in writing and will be refunded minus a $100 processing fee. After March 1, 2007, cancellations
and no-shows are liable for the full registration fee; the registration can be transferred to the next Connections Conference
within 12 months or to another person.

Active Directory, Microsoft, MSDN, Outlook, Windows NT, Windows Server, Windows Vista, and Windows are
either trademarks or registered trademarks of Microsoft Corporation. All other trademarks are property of their owners.
($200 off each)
CONFERENCE REGISTRATION • APRIL 1-4, 2007


FULL CONFERENCE REGISTRATION INCLUDES KEYNOTE ON APRIL 1, 6:30PM, 
THROUGH CLOSING SESSION APRIL 4, 4:30PM 




ONLINE 

www.WinConnections.com 

E-MAIL 

info@devconnections.com 

PHONE 

(800) 505-1201, (203) 268-3204 

FAX 

(203) 261-3884 

MAIL 

Microsoft Exchange Connections 2007 
Windows Connections 2007 
Office Connections 2007 
c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


Microsoft Exchange Connections
  on or before February 15: $1295.00
  after February 15: $1395.00

Windows Connections
  on or before February 15: $1295.00
  after February 15: $1395.00

Office Connections
  on or before February 15: $1295.00
  after February 15: $1395.00


SPECIAL BONUS HANDS-ON COURSES 

If you are registering for the conference and would like to take one or more of the following hands-on courses, 

please make your selection here. Space is limited. If the class is full, you will be notified when your registration is received. 


□ MONDAY, APRIL 2, 2007 Troubleshooting Disaster Recovery with Exchange Server 2003 (full day)

□ TUESDAY, APRIL 3, 2007 Troubleshooting Message Flow in Exchange Server 2003 (full day)

□ WEDNESDAY, APRIL 4, 2007 Troubleshooting Performance in Exchange Server 2003 (full day)

□ MONDAY, APRIL 2, 2007 VBScript Master Course (bring your own laptop)

□ TUESDAY, APRIL 3, 2007 PowerShell Master Course (bring your own laptop)

PRE-CONFERENCE WORKSHOPS SUNDAY, APRIL 1, 2007 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM Microsoft Exchange Server 2007 Hands-on Labs (O'DOWD) $399

□ 9:00AM - 4:00PM Reimagining the Image: Deploying, Repairing, Replacing, and Updating Windows XP and Windows Vista Client (HOLME) $399

□ 9:00AM - 12:00PM VBScript Basic Training (JONES) $199

□ 1:00PM - 4:00PM Windows PowerShell Basic Training (bring your own laptop) (JONES) $199

□ 9:00AM - 4:00PM Windows SharePoint Services Demystified (CALLAHAN) $399

POST-CONFERENCE WORKSHOPS THURSDAY, APRIL 5, 2007 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS.

□ 9:00AM - 4:00PM Exchange 2007 for Exchange 2003 Administrators (MCBEE) $399

□ 9:00AM - 4:00PM Reimagining IT Administration: Role-Based Management, Provisioning, and Accelerated Administration (HOLME) $399

□ 9:00AM - 4:00PM Create a Test Environment, Virtually and Inexpensively (Hands-on - bring your own laptop) (LAYFIELD) $399

□ 9:00AM - 4:00PM Microsoft Office SharePoint Server 2007 (MOSS) Web Content Management (MIXON) $399

CONFERENCE MATERIALS Full conference registration includes materials for the one conference for which you register.
You may purchase materials for the other concurrently run events.

□ Microsoft Exchange Connections Proceedings Book and Resource CD $99

□ Windows Connections Proceedings Book and Resource CD $99

□ Office Connections Proceedings Book and Resource CD $99


PAYMENT TOTAL 


♦IMPORTANT: You must reference Microsoft Exchange Connections, Windows Connections, or Office Connections on your check. 


□ CHECK (payable to Tech Conferences) All payments must be in US Currency. Checks must be drawn on a US bank. 
□ VISA □ MASTERCARD □ AMEX 

Microsoft Exchange Connections 2007
Windows Connections 2007
Office Connections 2007

Microsoft, Windows IT Pro,
TechNet Magazine and Tech Conferences
come together to bring you the premier event
for IT Professionals.

April 1-4, 2007

Orlando, Florida

Hyatt Regency Grand Cypress Resort


Register Today! • WinConnections.com • 800-505-1201 • 203-268-3204 


WinConnections 2007 

c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


Mailroom: If addressee is no longer here, 
please route to MIS Manager or Training Director 







Message Routing 


to the Hub Transport server in its local site. 
That Hub Transport server attempts to find the 
most efficient path for the message, beginning 
by computing the cost of all possible routings 
and using the resulting list of routing costs to 
attempt the least expensive connection directly 
to the target site's Hub Transport server. The
routing engine prefers direct connections
whenever possible, so if two routes with equal
costs exist, the routing engine will choose the
one with the fewest hops.

Because sites and site links were originally
designed for finding local services, Windows
doesn't have a concept of a service-related cost
for sites or site links: The cost associated with
a link is essentially fixed. However, you can
set an Exchange-specific cost on site links by
using the Set-AdSiteLink Exchange Management
Shell cmdlet. If you specify an explicit
Exchange cost for a site link, Exchange uses
the cost for routing-cost calculations. However,
other Windows services (notably AD replication)
ignore the Exchange-specific cost.

The Exchange cost comes into play in scenarios
where the destination Hub Transport
server isn't directly reachable, which can happen
for two reasons:

• The link to the target site is down. Consider
three sites, A, B, and C, where each site is
connected to the other two. Usually a message
can go directly from A to C, but if the A
to C link is down, the Hub Transport server
can route the message A to B to C to deliver
it.

• You've set up a hub site, which is essentially
the equivalent of an Exchange Server
5.5-style hub-and-spoke topology. All messages
go from the originating Hub Transport
server to the hub site, then to their destination.
The Exchange 2007 documentation is
pretty clear about the utility of this topology;
it warns that hub sites "should only be used
when it is required by the network topology,
such as when firewalls exist between Active
Directory sites and prevent direct relay of
Simple Mail Transfer Protocol (SMTP) communication"
(http://technet.microsoft.com/en-us/library/0f697cee-bcaa-4c69-b80c-7a2afd1817d2.aspx).
To establish a hub site, you have to use the Set-AdSite
cmdlet through Exchange Management
Shell.
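The selection rule described above (lowest total cost, fewest hops on a tie, Exchange-specific cost overriding the site-link cost, down links skipped) can be modeled in a few lines. This is an added example, not Exchange's routing code; the site names, cost values, and function names are constructed for illustration.

```python
import heapq

# Constructed sample topology: three AD sites, each linked to the other two.
# "ad_cost" stands for the site-link cost; "exchange_cost" is the optional
# Exchange-specific override described in the text (None = not set).
LINKS = [
    {"sites": ("A", "B"), "ad_cost": 10, "exchange_cost": None},
    {"sites": ("B", "C"), "ad_cost": 10, "exchange_cost": None},
    {"sites": ("A", "C"), "ad_cost": 20, "exchange_cost": None},
]


def with_change(links, sites, **changes):
    """Return a copy of links with the fields of one link changed."""
    return [dict(l, **changes) if l["sites"] == sites else dict(l) for l in links]


def effective_cost(link):
    """The Exchange-specific cost, when set, replaces the site-link cost."""
    if link.get("exchange_cost") is not None:
        return link["exchange_cost"]
    return link["ad_cost"]


def least_cost_route(links, source, target):
    """Return (cost, path) for the cheapest route; equal costs go to fewer hops.

    Links marked down are ignored. Returns None when the target is unreachable.
    """
    graph = {}
    for link in links:
        if link.get("down"):
            continue
        a, b = link["sites"]
        cost = effective_cost(link)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))

    # Dijkstra over the pair (cost, hops), compared lexicographically.
    best = {source: (0, 0)}
    heap = [(0, 0, source, [source])]
    while heap:
        cost, hops, site, path = heapq.heappop(heap)
        if site == target:
            return cost, path
        if (cost, hops) > best.get(site, (cost, hops)):
            continue  # a better entry for this site was already processed
        for nxt, link_cost in graph.get(site, []):
            candidate = (cost + link_cost, hops + 1)
            if nxt not in best or candidate < best[nxt]:
                best[nxt] = candidate
                heapq.heappush(heap, (candidate[0], candidate[1], nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    print("all links up:    ", least_cost_route(LINKS, "A", "C"))
    print("A-C link down:   ", least_cost_route(with_change(LINKS, ("A", "C"), down=True), "A", "C"))
    print("A-C Exchange=50: ", least_cost_route(with_change(LINKS, ("A", "C"), exchange_cost=50), "A", "C"))
```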

Preparing for Sharing 

When you add the first Exchange 2007 server to 

an existing Exchange organization, Exchange 


IT Pro Hero 

Q: But Microsoft isn't saying that DAS is
the preferred storage medium for Exchange
2007—just that it's an option, right?

A: Right. There was some controversy in IT about switching from a SAN to 
the cheaper disks because of our users' expectations of high availability. 
But because we decided to increase mailbox size from 200MB to 2GB, 
for compliance as well as dogfooding reasons, we needed to back up 10 
times the amount of data that we were backing up in Exchange 2003. 
Ironically, in the middle of this controversy, we lost a SAN array with 
8,000 users on it. It completely died, and we had to reinstall Exchange 
and recover 800 200MB mailboxes. That was an exceptionally painful 
exercise. And the Exchange development team guys told us, "If you'd 
been using CCR, it would have been a two-minute outage, not a two-day 
outage." They were right. That's really what helped us turn the corner 
and embrace this scenario. It was an unfortunate event but exactly what 
we needed. 

Another challenge we had was that when we switched to 2GB mailboxes,
we also told users, "no more PSTs." That decision caused probably
the biggest backlash that we've ever seen. But when we offered to let the 
users who wanted PSTs out of the pilot program, they said, "no way—I 
love my 2GB mailbox!" We use the new records management features 
to set limits and actions to take on different folders, depending on the 
classification of the mail—for example, whether it needs to be archived 
or deleted after a certain period of time. With 2GB, users have essentially 
the experience of a bottomless mailbox. 

Q: During the course of the dogfooding, what
Exchange 2007 features did IT staff most
appreciate?

A: The advances with Windows PowerShell (aka Exchange Management
Shell) and the ability to do so much via the command line were a huge
win for us from an administrative perspective. When we heard about 
Monad (the prerelease version of PowerShell) initially, everybody in IT 
thought that this new way of doing administration would be a headache. 
But after we started using PowerShell, we absolutely loved it. 

I think PowerShell represents tremendous potential for the user community
because it provides a consistent way of doing things. I think there
will be a community of sharing scripts, cmdlets, and knowledge, so that 
people won't have to reinvent processes for automated ways of moving 
mailboxes or certain sorts of tasks. 

Q: What's an example of a problem that would
be easier for you to identify using PowerShell? 

A: The state of services and databases is one. Another example: One of 
the more problematic roles for us, because it was brand new, was the 
Edge server role. When troubleshooting issues with the Edge server, 
we found that our traditional methods—using Performance Monitor 
or Queue Viewer through Exchange System Manager (ESM)—were 
less accurate than we would have hoped. But we were able to find the 
answers through PowerShell; it gave us a more granular view of what was 
happening on the Edge server. 

Q: What's your advice to your IT peers in
other organizations to help them get over 
their fear of PowerShell? 

A: Actually, all I think they need to do is take a look at it. After less than 
30 minutes of playing with PowerShell, our IT folks were saying, "Wow, 
this is incredibly powerful and extremely beneficial." 


2007 setup asks you to pick a target bridgehead
server in the existing organization. The server
you pick is used to establish an RGC, so plan
ahead to make sure that you're selecting a
server in a routing group with good connectivity.
All messages you send between mailboxes
on the Exchange 2007 server and the existing
servers will pass over this connector. All
Exchange 2007 servers go into the Exchange
2007-specific DWBGZMFD01QNBJR routing
group; you can't put them anywhere else. This
can lead to undesirable routing because all
messages between the Exchange 2007 and legacy
Exchange parts of your organization have
to traverse that connector, no matter where the
servers are physically located. To work around
this problem, Microsoft recommends that
you create additional RGCs between DWBGZMFD01QNBJR
and target routing groups; to
do so, you'll use the New-RoutingGroupConnector
Exchange Management Shell cmdlet.

You also have to consider link state updates
from Exchange 2003 and Exchange 2000 routing
groups. If you have only one RGC, link state
updates won't be a problem. However, if you
have multiple connectors, link state changes
will be propagated only among your Exchange
2003 and Exchange 2000 servers. The Exchange
2007 Hub Transport role doesn't understand
link state updates and won't accept them
when offered by legacy servers, so the Hub
Transport servers might attempt to route
messages over connectors that are currently
down. This can lead to slow delivery times at
best or message loops at worst. Microsoft recommends
setting the SuppressStateChanges
registry subkey (described in detail at
http://www.microsoft.com/downloads/details.aspx?familyID=62fb1297-4c6b-4d84-84cc-060989f2f305)
to turn off connector-status
change messages. When you do so, Exchange
2003 and Exchange 2000 will essentially act
like Exchange 2007 in that they'll rely on only
route-cost information and not route-status
information when making routing decisions.

When you move mailboxes from Exchange
2003 and Exchange 2000 servers to Exchange
2007, you'll need to decommission the older
servers; as you remove them, they'll be
removed from the routing topology. However,
you'll need to remove RGCs manually as you
remove individual legacy Exchange routing
groups, as well as remove any RGCs between
your Exchange 2007 pseudo-routing group
and the rest of your organization. This is a
straightforward process, but it requires you to
watch message flow carefully to ensure that
you're not stranding messages on a server or
preventing flow from other servers that may
depend on a particular connector or bridgehead.

A Better System 

Message routing has changed significantly in
Exchange 2007 as Microsoft added the Hub
Transport server role and eliminated routing
groups altogether, but the changes offer a
better system for moving messages. However,
efficient message flow will depend on having
a proper AD site design. If you're not confident
that your site topology maps correctly to the
layout of your network, you should begin correcting
it now to smooth your Exchange 2007
upgrade process.
ON THE ROAD

BY MARK JOSEPH EDWARDS



PROBLEM: 

You need a way to 
protect the network 
communications of client 
computers when those 
clients are using untrusted 
networks. 


SOLUTION: 

Use OpenSSH and Squid 
for Windows to build a 
quick and simple VPN. 


WHAT YOU NEED: 

OpenSSH, Squid for 
Windows, Kraken Config, 
server computer, client 
computer 


Connecting to the Internet while traveling can
sometimes be dangerous, especially over
open, unencrypted networks, such as those
found at hotels, coffee shops, conventions, and sometimes
even at client or business partner sites.

To give you an example, at the 2006 DEFCON 14
hacker convention in Las Vegas, hackers sniffed the
public wireless network airwaves to discover all sorts of
information from people who didn't bother to encrypt
their network traffic. The hackers then posted those
details on a "Wall of Shame" for everyone to see. As a
result, a lot of people's sensitive information, including
banking and business information, was compromised.

You can, of course, use a VPN to establish secure
connectivity when you're mobile so that you don't
fall victim to snoops. If you want a lightweight VPN
solution that's easier to install and manage than other
solutions, check out the OpenSSH VPN tool and the
Squid for Windows proxy server (formerly SquidNT),
both of which are free.



DIFFICULTY: 

ooo 
OpenSSH and Squid for Windows

OpenSSH is based on the popular Secure Shell (SSH)
technology, and Squid for Windows is based on
the popular Squid proxy server, both of which were
originally developed for UNIX and Linux platforms.
OpenSSH and Squid for Windows are versions of
those tools that have been designed specifically
to run on Windows platforms. One major benefit of
using these tools is their simplicity and portability.
They're easy to install, require very little configuration
and management, and the solution works on nearly
any client OS today, which means you can install this
solution on two desktops if you want, instead of needing
a dedicated server platform. Proprietary solutions,
of course, don't offer these benefits.
Note that any client software you use must be able
to support the use of a proxy server to communicate
over this VPN solution. If you want to implement this
solution on another platform, such as Linux, BSD,
or OS X, then simply obtain OpenSSH and Squid for
those platforms and use the same principles that I
provide in this article.

Use OpenSSH and Squid to create a VPN

I'll show you how to build a VPN server and client,
collectively referred to in this case as "VPN," step
by step, by using the OpenSSH toolkit and Squid for
Windows proxy server, which you can run on nearly
any Windows system. This solution will let you move
all your mobile-client traffic over an encrypted connection
through the VPN and then out to the Internet
or to systems on the network on which your VPN
server resides.

An added benefit of this solution is that you can use
it to remotely manage the server that runs OpenSSH
or any systems that you have access to through the
OpenSSH server (e.g., other systems on the same network).
This is possible because when you connect to
the OpenSSH server, you get a command-line prompt,
which is actually a remote command shell running on
the OpenSSH server. In that command shell, you can
run any Windows commands or command-line tools
that you have permission to access under the account
with which you logged on. So if you want to manage
other systems by using the OpenSSH connection, plan
ahead by copying any tools that you might need onto
the server before you head out on the road, or make
sure you have access to other remote servers where
any required tools might reside. If you need to manage
other systems over the OpenSSH connection, you
should probably use domain authentication (which
Step 1 describes) so that you have proper permissions
on those other systems.


How It Works

The OpenSSH/Squid for Windows solution is relatively
simple. You install OpenSSH on a server and on
any clients. You install Squid for Windows only on the
server system. On the client side, OpenSSH connects
to your OpenSSH server and opens a separate port on
the client computer to listen for client traffic on the
localhost address. You configure your client applications
(Web browser, email client, chat client) to use
a proxy server with the localhost address. The client
applications then send traffic to the OpenSSH localhost
port, which routes the traffic to the OpenSSH
server over the encrypted connection. The OpenSSH
server then receives that traffic and routes it to Squid
for Windows, which in turn sends that traffic on to its
destination. Although this might sound a bit complex,
once you try it you'll see that it's very easy to
understand and implement.

To implement this solution, you'll need one
computer to use as the VPN server and at least one
mobile computer to use as the VPN client. OpenSSH
and Squid for Windows don't require much memory
or CPU time, so you can easily run both on nearly
any server that mobile computers can reach from
the Internet. You could also build the VPN server
on a computer on your home network, or, if your
company policy allows for it, build it on the company
network instead. Be sure to read this solution in its
entirety before you implement it.

Step 1: Install and Configure OpenSSH on the Server

To get started, download a copy of OpenSSH
(http://sshwindows.sourceforge.net/download) and install it
on your server by using the installation wizard. This
is a straightforward process and doesn't require any
special knowledge.

After you install OpenSSH, I recommend that you
edit the default configuration so that OpenSSH runs
on some port other than the default port 22. Running
on a port other than 22 makes it harder for intruders
to discover the OpenSSH server by performing a port
scan of the machine. Intruders expect an SSH server
to listen on port 22, so if you move it to another port,
then they'll have a harder time figuring out what
service is listening on that port. To change the default
port, go to your OpenSSH installation directory and
navigate to the etc subdirectory. Edit the sshd_config
file and adjust the port parameter to an unused port
number on your system. In this article, I use port 422.
If you're unsure what ports might be available, use the
netstat -an command to view all open ports. Any port
not in the list could probably be used for OpenSSH.
Just be sure to remember the port number because
you'll need it to log on to the OpenSSH server later.

Then you must also create a group file and a
passwd file, both of which determine who is allowed
to log on to the OpenSSH server. The group file contains
a list of groups extracted from the local system's
Windows registry, which OpenSSH uses to map
permissions similar to the way Windows does. The
passwd file contains a list of users, also extracted from
the local system's registry, who are allowed to log on
to the OpenSSH server.

To create the group file, change to the OpenSSH
bin subdirectory and type the following command:

mkgroup -l >> ..\etc\group


SOLUTION STEPS:

1. Install and configure OpenSSH on the server.

2. Install and configure Squid for Windows using Kraken Config.

3. Install OpenSSH on the client computer.

4. Fire up the server and connect.

5. Configure your client applications.
This command dumps the local registry's
groups into the group file in the etc subdirectory.

Next, use the following command to create
the passwd file that authorizes users to log on
to the OpenSSH server:

mkpasswd -l -u XYZ >> ..\etc\passwd

where XYZ is your local logon name. This
command dumps the XYZ user's credentials
from the local registry into the etc\passwd file.
Do this for each user for whom you want to
allow access.

If you want to use Windows domain
accounts for authentication, use the same two
commands with a -d switch instead of the -l
switch and specify the appropriate Windows
domain. The mkgroup command will contact
your PDC for the specified domain to obtain
the list of groups and accounts. Creating these
two files is pretty simple, but see the OpenSSH
documentation if you need more help.

If the username and password logon
method isn't strong enough authentication for
your needs, you can use even stronger authentication
by implementing encryption keys on
your OpenSSH installations. I don't have room
to cover that subject here, but you can find
step-by-step instructions in the key_authentication.txt
file located in OpenSSH's docs\OpenSSH
directory. It's relatively simple to accomplish.

Note that OpenSSH installs itself as a Windows
service that automatically starts each
time the system is booted. If you don't want
the service to start automatically, you need to
adjust the service properties to require a manual
start. On Windows Server 2003, Windows
XP, and Windows 2000 systems, you can adjust
the service properties by using the Computer
Management tool in Administrative Tools. Go
to Services and Applications\Services, right-click
the OpenSSH service, select Properties, then
adjust the startup mode accordingly.


Step 2: Install and Configure Squid for Windows

Next, install Squid for Windows
(http://www.serassio.it/SquidNT.htm) on your server system
(i.e., not your mobile computer). To
configure Squid for Windows, I recommend
that you download and use Kraken Config for
Squid (http://www.krakenreports.com/index.php?subPage=krakenConfig),
which greatly simplifies configuring the proxy server. Kraken
Config has a simple wizard that asks you for
some basic parameters, including the local
host name, disk cache size and the amount of
memory Squid is allowed to use, allowed network
addresses, and a few other simple details.
The tool costs only $10 and, in my opinion,
it's worth every penny. You can test-drive it
free for 30 days, after which the monitoring
features will become disabled, but even so,
your Squid for Windows configuration will
continue working.

After you run the Kraken Config tool, edit the
squid.conf file (in Squid for Windows's etc subdirectory)
to add a line such as the following:

http_port 127.0.0.1:3128

This tells Squid to listen only on the localhost
address (127.0.0.1) on port 3128. It's important
that you add this line with the http_port directive.
If you don't, Squid for Windows will use
the system's real IP address, which will cause
Squid for Windows to be exposed to your local
network and possibly the Internet, where others
might be able to connect to it. Note that
you can choose any unused port number you
prefer, but you need to remember this port
number because you'll need to connect to it
in Step 4.

Incidentally, another benefit of using 
Kraken Config is that when you start the Squid 
for Windows service, Kraken Config's dialog 
window, which Figure 1 shows, will appear so 
that you can monitor Squid for Windows and 
make configuration adjustments. 

Like OpenSSH, Squid for Windows installs
itself as a Windows service that automatically
starts each time the system is booted. You'll need
to adjust the service properties if you require a
manual start. To do so, follow the same instructions
as described near the end of Step 1.

Step 3: Install OpenSSH on the Client Computer

Next, you need to install a copy of OpenSSH on
your mobile computer system. Because you're
using your mobile computer as a client and
not as an OpenSSH server, you don't need to
configure anything after installing the OpenSSH
software on your mobile computer. Just remember
where you installed the software, so you can
access the ssh command-line tool to connect to
your newly built OpenSSH server.

Again, remember that OpenSSH installs
itself as a service set to start automatically. It's
probably a good idea to set the service to start
manually on your client system, unless you're
sure that you'll use it frequently.

Step 4: Fire Up the 
Server and Connect 

Now you're ready to start the OpenSSH and 
Squid for Windows services (if they aren't already 
started) on the server and test client connectivity. 
Afteryou start the server services, on your mobile 
workstation, open a command shell and navigate 
to the bin subdirectory ofyour OpenSSH installa¬ 
tion, in which you'll find the ssh command-line 
tool. Log on to your OpenSSH server by using the 
following command: 

ssh -p 422 -L 3127:127.0.0.1:3128 
XYZaiP 


port to port 3128 on the remote system, which 
is your Squid for Windows proxy server's port. 
If you used a different port number for Squid 
for Windows, be sure you adjust the command 
appropriately. XYZ is your username, and IP is 
the IP address ofyour OpenSSH server. 

You can use any unused port number in 
place of 3127 on the client. Remember the port 
number because you'll need it when configur¬ 
ing client applications in Step 5. 

After the ssh client opens the connection 
between your mobile system and your remote 
OpenSSH server, you'll be prompted to log 
on. Be sure to use the same username and 
password to log on that you defined in Step 1. 
This is either your local Windows username 
and password on your OpenSSH server or your 
domain username and password as derived 
from your domain controller (DC), if you used 
that method of creating the group and passwd 
files. 



Cowabunga! Connectivity 

That was easy, right? Even though this solu¬ 
tion takes only a few minutes to implement, 
you might consider making a copy of your 
OpenSSH server and Squid for Windows con¬ 
figurations on portable media such as a flash 
drive, so that you can rebuild the server side 
of the solution on another server much faster 
in the future. 

Also, be sure you test this solution before 
you go on the road, because your client, 
server, and network border firewalls might 
need adjustments to port settings or general 
rules for the OpenSSH and Squid for Windows 
services to work correctly. And finally, if your 
network uses Network Address Translation 
(NAT) and your OpenSSH server has a NAT 
address, you might need to configure port for¬ 
warding on your firewall to ensure that overall 
routing and connectivity works correctly. ^ 
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The -p 422 parameter tells the ssh client to 
connect to the OpenSSH server on port 422 (or 
the port number you defined in the OpenSSH 
configuration in Step 1). The -L parameter 
causes the ssh client to open port 3127 on the 
local machine and forward traffic sent to that 
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Step 5= Configure Your 
Client Applications 

With the encrypted connection open and ready 
to use, you can configure your Web browser 
(and other necessary applications) to use the 
Squid proxy server. Be sure to set the proxy 
server address to the localhost address 127.0.0.1 
on port 3127 (or the port you used on your 
local client computer). 

When you configure your client applications to use a proxy server (which in this case is actually the SSH client running on your local system), all network traffic from those applications will be tunneled over your secure encrypted VPN connection, which is routed through your OpenSSH server to its destination, as Figure 2 shows. However, if your applications don't support proxy connections, their traffic won't be tunneled over the secure connection and instead will travel directly over your regular network connection.
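To check what Step 5 describes (proxy-aware applications use the tunnel, everything else goes out directly), the following added example, which is not part of the original article, audits a Windows `netstat -an` listing. Ports 3127 and 422 are the article's; the sample listing, its addresses, and the set of ports treated as web traffic are constructed assumptions.

```python
"""Audit a Windows `netstat -an` listing for traffic that bypasses the SSH tunnel."""
import ipaddress

LOCAL_FORWARD_PORT = 3127      # local port opened by ssh -L (from the article)
SSH_SERVER_PORT = 422          # OpenSSH server port (from the article)
WEB_PORTS = {80, 443, 8080}    # assumption: ports that should be going via the proxy

# Constructed sample listing; addresses are private/documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:3127         0.0.0.0:0              LISTENING
  TCP    192.168.1.50:1045      203.0.113.10:422       ESTABLISHED
  TCP    127.0.0.1:1050         127.0.0.1:3127         ESTABLISHED
  TCP    192.168.1.50:1052      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.50:1053      198.51.100.9:443       TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); port is None when it is not numeric."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly four columns; headers and UDP rows do not.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        laddr, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        yield laddr, lport, raddr, rport, fields[3].upper()


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1 (netstat prints IPv6 addresses in brackets)."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_tunnel(text):
    """Summarize tunnel state and list web connections that go out directly."""
    rows = list(parse_netstat(text))
    listeners = [r for r in rows
                 if r[4] == "LISTENING" and r[1] == LOCAL_FORWARD_PORT]
    report = {
        # Is the ssh -L listener present at all?
        "forward_listening": bool(listeners),
        # ssh binds -L to loopback unless -g / GatewayPorts is used; a listener
        # on any other address lets other hosts on the network use the tunnel.
        "forward_exposed": any(not is_loopback(r[0]) for r in listeners),
        # Is there an established session to the OpenSSH server port?
        "ssh_session_up": any(r[4] == "ESTABLISHED" and r[3] == SSH_SERVER_PORT
                              for r in rows),
        "tunneled": 0,
        "bypassing": [],
    }
    for laddr, lport, raddr, rport, state in rows:
        if state != "ESTABLISHED":
            continue
        if is_loopback(raddr) and rport == LOCAL_FORWARD_PORT:
            report["tunneled"] += 1          # application talking to the local forward
        elif rport in WEB_PORTS and not is_loopback(raddr):
            report["bypassing"].append(f"{raddr}:{rport}")  # direct, untunneled
    return report


if __name__ == "__main__":
    for key, value in audit_tunnel(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

Any entry under `bypassing` is an application that ignored the proxy setting and is sending traffic over the regular network connection.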
Kick Your MOBILE ADS

PROBLEM: You want to perform physical machine to virtual machine migrations without having to deploy ADS to your entire enterprise.

SOLUTION: Extend the mobile ADS solution so that it has virtual migration capabilities.

WHAT YOU NEED: The basic mobile ADS solution (see InstantDoc ID 93625), Virtual Server 2005 R2, VSMT 1.1

DIFFICULTY: •••oo

Add virtual migration capabilities to your solution in just 5 STEPS
by Robert Larson


In "ADS Unplugged" (November 2006, InstantDoc ID 93625), I showed you how to build a basic mobile Automated Deployment Services (ADS) solution that lets you perform Windows OS migrations with no impact on or reconfiguration of your production network. Now I want to show you how to kick it up a notch so that you can use this mobile solution to perform physical machine to virtual machine migrations. Although I'll be discussing how to expand a mobile ADS installation, you can use the same concepts to expand an ADS installation on a network.

So far, I showed you how to create the mobile ADS solution by assembling the necessary hardware on a mobile cart and installing the basic software, which consists of Windows Server 2003 Enterprise Edition, DHCP, and Automated Deployment Services (ADS) 1.1. To expand this solution so that you can perform physical machine to virtual machine migrations, you need to perform five steps:

1. Install Microsoft IIS. 

2. Install Virtual Server 2005 Release 2 (R2). 

3. Install Virtual Server Migration Toolkit (VSMT) 1.1. 

4. Create the default virtual network. 

5. Load Virtual Machine Additions. 

Step 1: Install IIS 

Because the mobile ADS solution is a single-server 
installation, you need to run and manage Virtual 
Server 2005 R2 on the same platform. To run Virtual 
Server 2005's Web-based administrative console— 
that is, the Virtual Server Administration Website—in 
this configuration, you must run IIS on the mobile 
server, which in this case, is the MobileP2V server. 
(If you're expanding an ADS installation on a network, it's
possible to have a central installation of the
administrative console that manages multiple virtual 
server hosts. In this situation, IIS isn't required on 
each virtual server.) 

To install IIS, you can use either the Control Panel Add or Remove Programs applet or the Configure Your Server Wizard. The wizard simplifies the process, so let's use it. Using local administrative access, log on to the MobileP2V server. You need the Windows 2003 CD-ROM to install IIS, so place it in the machine's CD-ROM drive. Select Programs on the Start menu, then choose Administrative Tools. On the Administrative Tools menu, select the Configure Your Server Wizard option to launch the wizard.

On the main page of the wizard, click Next. On the 
Preliminary Steps page, click Next. In some instances, 
you might be prompted with a Configuration Options 
page. If this page appears, select Custom Configuration
and click Next.

You should now be at the Server Roles page. Select 
the Application server (IIS, ASP.NET) option and click 
Next. You don't need FrontPage extensions or ASP.NET
for the Virtual Server Administration Website, so click 
Next again. 

On the Summary of Selections page, which lists all 
the roles that you selected for installation, click Next 
and the installation of IIS will begin. Click Finish to 
exit the wizard after the installation completes. 

Step 2: Install Virtual Server 2005 R2

It's now time to install Virtual Server 2005 R2. It's important that you use Release 2 because it addresses a DCOM permissions issue that its predecessor doesn't address. (Windows 2003 Service Pack 1—SP1—increased the security of IIS by changing the default DCOM permissions. As a result, when you open the Virtual Server Administration Website in Virtual Server 2005, you receive an error message.) You can download Virtual Server 2005 R2 for free. For details and a link to the download, go to http://www.microsoft.com/virtualserver.

Double-click Setup.exe to start the installation 
of Virtual Server 2005 R2. In the Microsoft Virtual 
Server 2005 Setup page, select the Install Microsoft 
Virtual Server 2005 R2 option to start the installation
process. Accept the license agreement and click
Next. In the Customer Information page, enter your 
username, organization, and product key, then click 
Next. Because you're building a single-server solution 
and need all the components, select Complete Install 
and click Next. 

The Configure Components page, which Figure
1, page 50, shows, lets you specify a different default
port for the Virtual Server Administration Website. 
However, in this case, you should leave the default, 
which is port 1024. Also leave the default option of 
Configure the Administration Website to always run 
as the authenticated user selected. (You'd select the 
option to run the Administration Website as Local 
System account if the Administration Website needs 
to be hosted on a server separate from the Virtual 
Server service.) Click Next. 

Click Install to start the Virtual Server 2005 R2 
installation. During the installation, you'll briefly 
lose network connectivity while the network drivers
are being installed. After the installation is complete, 
you should receive a Web page with installation notes 
and links to the local installation. Click Finish to close 
the setup program. 

Virtual Server 2005 R2 is now installed, but there is one configuration change that needs to be made because of Microsoft Internet Explorer's (IE's) heightened security configuration. If you're running Windows 2003 SP1 and you attempt to load the Virtual Server Administration Website, you'll be prompted for credentials, even if you're logged on as the local administrator. Although you can still use the Administration Website, having to enter your credentials every time you connect to it and every time you use the Virtual Machine Remote Control client can quickly get annoying.

To eliminate the prompts for credentials, you need to add the mobile server's URL (in this case, http://mobilep2v) to the Local intranet security zone in IE. By default, this zone is configured to automatically provide credentials (if requested) when accessing a Web site. Open an IE window, and choose Internet Options on the Tools menu. On the Security tab, click the Local intranet icon to modify its settings. You should have the security level set to the default of medium-low. To add the mobile server's URL to the Local intranet zone, click the Sites button, then click the Advanced button. As Figure 2, page 50, shows, enter the URL and click Add.

Step 3: Install VSMT 1.1 

The next step in expanding the mobile ADS solution is to install VSMT 1.1. VSMT 1.1 is included in ADS 1.1, which you downloaded when you created the basic mobile ADS solution. So, VSMT 1.1 should already be in the C:\temp directory on MobileP2V. If you didn't previously install ADS 1.1, you can download it from http://www.microsoft.com/windowsserver2003/technologies/management/ads/default.mspx. Extract the contents to the C:\temp directory on MobileP2V. Note that you can't install ADS 1.1 on a 64-bit version of Windows 2003 or on Windows XP.

Follow these steps to install VSMT: 

1. Double-click the C:\temp\vsmt\vsmt_setup.msi 
file to start the installation. On the Welcome page, 
click Next. 

2. Review the EULA. If you accept the terms, select 
the Accept option and click Next. 

3. Select the Full installation option and click 
Next. 

4. Click Install. After the installation completes, 
click Next to close the setup program. 

At this point, VSMT is installed. However, I recommend that you perform two more tasks: create the default virtual network to make sure that VSMT successfully performs migrations and load Virtual Server Additions to improve image deployment performance.

Step 4: Create the Default Virtual Network

When VSMT performs a physical machine to virtual machine migration, it will, by default, assign the virtual machine to use a virtual network named VM0. However, the VSMT installation program doesn't create this virtual network because it can't assume VSMT will be installed on the same computer as Virtual Server 2005 R2. So, the VSMT installation program leaves it up to you to create the virtual network.

In migration scripts, you can use the /vsHostNet command-line option to specify a different virtual network to use for a migration. However, if you fail to specify this option and the default VM0 virtual network doesn't exist, the deployment will fail. For this reason, I recommend that you create the default virtual network, even if you don't think you'll use it.

To create the VM0 virtual network, you can use the Virtual Server Administration Website or run the createvirtualnetwork.vbs script that VSMT provides. To run the script, open a command-shell window and type

cscript "C:\Program Files\Microsoft VSMT\Samples\createvirtualnetwork.vbs"

Createvirtualnetwork.vbs creates the VM0 virtual network and automatically attaches it to the first host adapter it finds. If you have more than one host adapter in MobileP2V, you need to verify that the VM0 virtual network is bound to the same adapter that's running the Preboot Execution Environment (PXE) service (in this case, 10.10.10.1).

Step 5: Load Virtual Machine Additions

To improve image deployment performance in Virtual Server 2005 R2, I recommend that you load driver files from Virtual Machine Additions (VMAdditions.iso) into the ADS Deployment Agent Builder service repository. If you do so, the ADS Deployment Agent Builder service incorporates the driver files into any source-computer image, which will reduce the amount of time required to deploy the image during migration.

In Virtual Server 2005 R2, Virtual Machine Additions are distributed on an ISO image file and are packaged in an .msi file for ease of installation. Thus, you can use one of two methods to obtain the three driver files you need. The first method involves copying Virtual Machine Additions.msi from the ISO file, retrieving the driver files from Virtual Machine Additions.msi with a tool that can extract files from an .msi file, and copying the driver files to the C: drive on MobileP2V. The second method involves copying the three driver files from a virtual machine on which Virtual Machine Additions has already been installed.

I'll assume you already have an existing 
Windows 2003 virtual machine that has Virtual 
Machine Additions installed, so let's take a 
look at the latter method: 

1. Copy the three necessary driver files—msvmscsi.sys, vmadd_msvmscsi_sys.cat, and vmsrvc.sys—from the virtual machine to the MobileP2V machine's C:\temp directory. On the virtual machine, you'll find these driver files at

• C:\Program Files\Virtual Machine Additions\msvmscsi.sys

• C:\Program Files\Virtual Machine Additions\vmadd_msvmscsi_sys.cat

• C:\Windows\System32\Drivers\vmsrvc.sys

2. Copy the three driver files in the MobileP2V machine's C:\temp directory to its C:\Program Files\Microsoft ADS\nbs\repository\User\PreSystem directory.

3. To configure the ADS Deployment Agent Builder service, copy four files from the ADS and VSMT install points to the C:\Program Files\Microsoft ADS\nbs\repository\User\PreSystem directory. Those four files are:

• C:\Program Files\Microsoft ADS\nbs\repository\Windows\intelide.sys

• C:\Program Files\Microsoft ADS\nbs\repository\Windows\pciidex.sys

• C:\Program Files\Microsoft VSMT\Samples\vsmt_scsi.inf

• C:\Program Files\Microsoft VSMT\Samples\vsmt_ide.inf


[Figure 1: Configuring the Virtual Server Administration Website]

[Figure 2: Adding the mobile server's URL to the Local intranet zone]
4. Restart the ADS Deployment Agent Builder service using the Microsoft Management Console (MMC) ADS snap-in.

The driver files from Virtual Machine Additions are now preloaded and will be used for any future image deployments. You don't need to perform these tasks again for subsequent migrations.


Ready to Migrate 

You successfully installed IIS, Virtual Server 2005 R2, and VSMT 1.1 on your mobile ADS solution. In addition, you made some modifications to eliminate some annoying problems and provide better performance during image deployment. Your extended mobile ADS solution is now ready to be put to use. In case you're unfamiliar with VSMT, I'll explain how it works and demonstrate how to use the extended mobile ADS solution to perform a physical machine to virtual machine migration in a future article.
Develop a STORAGE STRATEGY with COMPLIANCE in Mind

How different regulatory requirements drive storage needs

IT professionals deal with dozens of regulatory and business-compliance requirements that affect storage management, yet often their companies choose storage solutions with little or no consideration for how those solutions can help meet compliance requirements. I've chosen three common regulatory-compliance areas—the Health Insurance Portability and Accountability Act (HIPAA), Securities and Exchange Commission (SEC) Rule 17a-4, and the Sarbanes-Oxley (SOX) Act—to illustrate the different compliance needs that can affect storage management. In future articles in this series, we'll delve into specific storage solutions to meet compliance needs.


The Storage Perspective

With all the compliance and regulatory issues that corporate enterprises deal with, the concerns of a storage administrator don't usually get the attention they deserve. This is because senior management considers IT from a vertical perspective. That is, management looks at IT as a discrete set of issues, where each problem and its solutions get stuck in a box, and that collection of boxes is the IT department's responsibility to handle without affecting the business workflow or user experience. This prevalent attitude among senior management has its own pitfalls, especially in the area of network storage.

What corporate management needs to accept and corporate IT needs to learn is that certain technologies such as network security and storage management cut horizontally across the enterprise. No one would argue that network security isn't important to consider across the enterprise, but the reality is that in most cases it's still treated more as a vertical responsibility: One group is responsible for perimeter security, another group is responsible for application security, and yet a third group is responsible for data security. Worse yet, each of those groups might be divided into smaller areas of responsibility, resulting in minimal coordination or cooperation between those responsible for maintaining security at the hands-on level.

This lack of coordination is especially prevalent in storage management. Everyone, from entire departments down to individual users, tends to consider the storage to which they have access as theirs. This attitude simply exacerbates the problems that IT encounters when trying to implement a comprehensive storage management strategy. Yet despite those problems, you need a strategy to address the regulatory-compliance requirements regarding data storage. You need to analyze your storage requirements in a horizontal fashion, given how storage underlies almost every corporate computing activity. Doing so will help you develop a strong storage model that can help your company meet compliance needs without sacrificing usability and accessibility.

Regulatory Standards and Storage

Consider the variety of commonplace regulatory standards, ranging from the privacy requirements of HIPAA, to the progressive archival requirements of SEC Rule 17a-4, to the compliance requirements of SOX. All impose specific explicit or implied responsibilities on corporate storage. What companies rarely consider is that the business's regulatory environment should determine the selection of storage and a storage management strategy. Rather than trying to make an existing storage solution solve problems for which it wasn't designed, it's far more practical to factor in compliance issues when you're making decisions about new or expanded storage environments.

Using our three regulatory examples (HIPAA, Rule 17a-4, and SOX), let's look at the most common of storage concerns—backup and recovery. In all three compliance areas, it's essential to have reliable backups and the ability to recover accidentally deleted information, but the priorities and specific details of this requirement differ with each set of regulations.

HIPAA and Storage

With the case of HIPAA, it's obviously important not to lose patient information, but the key to the regulatory coverage is protecting the privacy of that information. This means that you need to maintain careful control over who can actually read the data through the backup and restore process, not to mention who can request that IT provide data restoration. Not all data protection schemes will provide for this level of data-access security, yet in a HIPAA-mandated environment, data-access security should be one of the primary considerations in the implementation of any data protection, backup, and recovery solution.

You'll need to translate the various HIPAA requirements for administrative, physical, and technical safeguards to actions related to storage, ranging from what type of written policies and procedures you keep regarding the use of network storage to the possibilities of hardware-based data encryption done at the storage-server level. HIPAA requirements affect storage policies throughout the equipment life-cycle, from the point of introduction to the network to how equipment must be disposed of, with the goal of protecting the privacy of the potential data stored on that hardware.

In regard to storage management, a business's primary concern under HIPAA is protecting stored data from unauthorized access. Everything else is secondary, because if the primary requirement is abrogated, the potential exists for serious legal action against the business. This mandate for protection of stored data places the added burden on administrators of making sure to clean up the tracks a file leaves within the computing environment. Temporary files, copies of files on client computers, retired backup tapes, or any other location where data might once have resided must be sanitized. That is, you must delete not only all files but also related information such as all references to files, all random pieces of data on disk, and ACLs. Although data protection from unauthorized access is always on the mind of the storage administrator, HIPAA's regulatory requirements complicate storage practices immensely. Even a file deletion is no longer simple, and storage policies and procedures must reflect this reality.

Simply put, HIPAA requirements change the standard corporate storage management mindset and affect all network-attached computing activities. Given the nature of the modern medical environment, this means that storage management policies and practices apply horizontally across a broad variety of vertical applications.

SEC Rule 17a-4 and Storage

Now let's look at SEC Rule 17a-4. In this case, although data privacy is important, the regulation focuses on data accessibility, specifying what types of data must be kept available and for how long. Therefore, data-storage requirements depend on the type of data and its particular set of requirements.

Time periods for data retention under 
17a-4 fall into four categories: two years, three 
years, six years, and for the life of the business 
enterprise. It's therefore crucial that you're able 
to classify your data and how it will be stored.
Additionally, the regulation uses the phrase 
"easily accessible place" to describe where 
much of the covered data should be stored. 

Given these requirements, it's clear that your backup strategy must be one of the driving factors in the storage implementation plan. And given that the regulation covers communication between broker and client and requires the storage of that communication, integration of the data backup and recovery scheme with a business's email software is required, to meet the regulation's "easily accessible" clause.

To comply with 17a-4, a business will need 
to implement a multi-tier storage architecture 
that comprises online, nearline, and offline 
storage, depending upon the point in the 
information life cycle where each piece of 
affected data currently resides. To meet this 
requirement, then, when you evaluate storage 
solutions, look for a comprehensive hardware
platform that includes a suitable storage
management component, which addresses 
information life-cycle needs while requiring 
minimal work on IT's part. 

Compliance with 17a-4 also requires tight integration of email with backup storage. The ability to reliably and easily recover email that could be as much as three years old is a requirement that could cause serious problems with email servers for a large business that needed to retain its messages online as part of the active mail store. Maintaining email-server performance at a high level is generally at odds with keeping huge amounts of archival email online, so the ability to migrate email data to an accessible, but not primary, storage location becomes another motivating factor in the data management plan.

In this storage environment, capabilities such as self-recovery and online backup and restore go a long way toward fulfilling regulatory requirements. But you need to maintain complete and thorough data backups, because simply clicking the delete button on an email in a user's inbox can violate the applicable rule. You need to maintain storage on the network, or on any location that's kept backed up and current, to avoid inadvertently violating regulatory requirements. Complying with 17a-4, therefore, will require large amounts of storage, for which you'll need to have practices and processes to keep it backed up and technology and processes to keep that backed-up data easily accessible.


Steps in DESIGNING A STORAGE COMPLIANCE STRATEGY

No matter what your compliance needs, you need to consider certain things when evaluating storage for regulatory-compliance purposes. I've found these steps helpful to follow in designing a storage compliance strategy.

1. Determine what regulations affect corporate storage needs.

2. Assess whether storage needs and compliance requirements affect the entire company or just specific business units.

3. Determine what, if any, data-retention requirements your company must comply with.

4. Verify whether your company must meet specific site-storage requirements. Evaluate what type of storage devices best serve the retention needs.

5. Determine what, if any, requirements exist for data security (above and beyond normal corporate practice).

6. Decide whether you can extend existing storage security to meet the regulatory 
requirements. 

7. Look for a comprehensive solution that meets compliance needs instead of jerry-rigging a 
piecemeal solution. For example, there are Value Added Resellers (VARs) who specialize in 
vertical markets and produce solutions that combine backup, storage, and management 
specifically to meet particular compliance needs. 

8. Implement storage policies and procedures that enable your organization to meet 
regulatory-compliance requirements. 
SOX and Storage

Storage compliance under SOX is both easier and more difficult than the other compliance areas we've examined. It's easier because, at its simplest, SOX requires everything involved in corporate activity to be stored somewhere for possible retrieval. This requirement makes large amounts of physical storage (e.g., NAS, enterprise SAN setups) a practical way to store masses of data in a manageable fashion. Add in the capability to securely back up and restore that data, and you've probably covered all the bases. The difficulty in determining a SOX-compliance strategy lies in determining what to save and what to discard.

Auditors who specialize in SOX compliance 
can give you the information you need to build 
the type of storage network that's appropriate 
for your environment. Without this type of 
careful analysis, businesses can end up storing 
everything, which not only can become a network-storage-management
nightmare but can
have unexpected consequences in the event of 
regulatory litigation. IT has a responsibility to 
make sure regulatory requirements are met, 
but because this is such a specialized area, 
determining applicable due diligence should 
be done with the assistance of the appropriate 
auditors. 

Compliance Needs Drive Storage

It should be clear by now that regulatory compliance should be a primary driver when you select storage hardware and storage management software. After you determine what storage environment can appropriately handle the applicable regulatory constraints, you'll find it's a much simpler task to manage that storage so that you minimize any chance of a failure that might expose the company to litigation. Although regulatory requirements are well defined, the solutions for complying with them aren't. Therefore, you need to carefully analyze business needs as well as business workflow to determine how best to use a storage model while maintaining regulatory compliance. (For a checklist to help you evaluate your storage compliance needs, see the sidebar "Steps in Designing a Storage Compliance Strategy," page 56.) Keep in mind that you can meet storage requirements by using a horizontal solution that provides appropriate storage to all parts of the corporate enterprise while solving the regulatory storage problems.
HOSTED APPLICATIONS

Understand the pros and cons of going with a service provider

The 1990s saw a big investment in application service providers (ASPs)—Internet-based companies that were going to provide businesses with the applications they needed. Although the idea was sound, ASPs didn't take off and many providers bit the dust.

However, the hosted-application market didn't disappear completely, and in the years since there has been a slow but definite trend toward a general acceptance of what is now more commonly known as the remotely hosted-application model. Both client- and server-side applications are available to businesses, and there are strong arguments for implementing some hosted applications in almost every environment.

Hosted applications of all sorts have one big advan¬ 
tage: fixed monthly costs. You can accurately forecast 
how much you'll spend on hosted applications because 
you know how much you're paying per user. If you're 
self-hosting, you always need a cushion to deal with the 
unexpected problems that crop up even in the best IT 
organizations. Let's take a look at the different types of 
remotely hosted applications and the things you need to 
consider before giving your business to a hosted-application
provider.

Web Sites 

Web sites are the most commonly hosted applications. 
Only very large businesses host their own Web sites 
internally, and there are many good reasons not to do so, 
especially if the business has high-traffic Web sites. It's 
very expensive to build and manage the infrastructure 
necessary for a high-traffic Web site, and the ISPs that offer 
Web hosting services are equipped to do just that. If your 
line of business (LOB) requires Web sites to be available 
to the public at all times, it makes sense to host those sites 
through a provider that offers the necessary hardware, 
software, and networking redundancy. I'm not saying 
you can't grow your business with the intent to bring Web 
hosting in house, but the investment necessary for the 
infrastructure can usually be better spent in some other 
aspect of your business. 

If you decide to host your LOB Web sites offsite, you must have a reliable Internet connection so that your users and customers can connect to the hosted applications. If you look at the vast majority of ISPs used by small-to-midsized businesses (SMBs), you won't find many service level agreements (SLAs). For example, if you read the fine print on business Internet connectivity TV commercials, you'll notice it states that connectivity and performance aren't guaranteed. SLAs are available, but guaranteed connections are costly, and you must factor that expense into the overall price/value matrix that you use to determine whether remotely hosted Web sites make sense for your business.



Email 

The office-automation application that's most commonly hosted remotely is email. Hosted email makes a lot of economic sense and ranges from simple SMTP/POP3 email to a full-blown hosted Microsoft Exchange server implementation. Keeping email applications running has always been somewhat complex, especially now that there's a need to scan and filter email to cut down on junk mail, spam, and email-borne malware.

Many SMBs simply use the free email provided by the 
ISP that hosts their Web sites. Even inexpensive hosting 
packages let businesses set up hundreds of individual email 
accounts, usually using SMTP/POP3. However, such
packages typically don't include managed email, email backup,
or integration of email with other applications. Some basic 
spam prevention might be included, but it's rarely accurate 
or reliable and usually filters only inbound traffic. And 
although many ISPs support standard email clients and 
provide a Web interface to their free email accounts, the 
Web interface is typically very basic, lacking filtering and 
mail management tools. 

The next step up from free ISP-provided email accounts 
is hosted Exchange Server email. In this case, businesses use 
a remotely hosted and managed Exchange server and have 
access to all the capabilities of that server. Users have full 
use of the Microsoft Office Outlook email client (including 
scheduling, calendaring, and notes) and get mail-specific 
functionality, such as Outlook Web Access and Outlook 
Mobile Access. The responsibility for maintaining the 
Exchange server falls on a service provider that specializes in 
maintaining the Exchange environment. Hosted-Exchange 
providers can provide these services at a reasonable price 
because they spread operational costs across multiple 
customers. At this level, customers don't get their own 
dedicated Exchange server, but share the resources of 
an environment with other customers. 
Most providers offer a step up from this
basic service to what's called a managed 
server—an Exchange server that's dedicated 
to a specific customer. Your business gets its 
own server, which is located in the provider's 
data center. Many providers offer businesses 
the opportunity to co-manage the server 
with the provider, which lets businesses run 
their own custom applications on Exchange 
while taking advantage of the security and 
management services offered by the remote 
provider. 

Outsourcing email can significantly reduce 
costs for small organizations. Hosted-Exchange 
providers claim that organizations with fewer
than 100 mailboxes will benefit from their
services. These claims are based strictly on the 
cost of running and maintaining Exchange, 
which can be determined fairly accurately. 

SharePoint 

Many hosted-Exchange providers can also 
host SharePoint for their managed-server and 
hosted-server customers. The provider can 
integrate Exchange and SharePoint to give
customers the ability to build a hosted
collaborative workgroup environment. Most Exchange
hosting providers add an incremental charge
for SharePoint hosting, based on the number
of users and the amount of storage the
business customer wants to dedicate to users.

Hosted email and SharePoint services 
make a compelling business case to many 
businesses. These services let even small
businesses fully utilize email and related services
without requiring an up-front investment in 
hardware and software or imposing significant 
ongoing costs for maintenance and support. 

Business Applications 

Another level of remotely hosted services
consists of complex applications such as Oracle and
Microsoft SQL Server and the enterprise-class 
applications that run on top of them, such as 
those from PeopleSoft, SAP, and Siebel, and 
especially customer relationship management 
(CRM) applications. End-to-end solutions are 
available that provide the hardware and
software to run these applications, as well as the
specialized expertise necessary to make them 
work, which is often the biggest stumbling block 
to the adoption of such complex technologies. 
Although the initial purchase price can be 
significant, the ongoing investment in the skills 
needed to get the most value from these
applications eventually dwarfs the startup cost.

In this environment, the biggest advantage 
that hosted-application providers can give
customers is the expertise necessary for the
exceedingly complex applications involved. Businesses
that use such services can realize cost reductions 
of as much as 50 percent compared with the 
cost of an in-house implementation. It makes 
far more sense to use a hosted service than it 
does to make the up-front investment in the 
infrastructure needed to support a pilot project 
or even to simply evaluate a technology. 

A variety of hosted CRM applications is 
available for businesses. Major application 
vendors, such as IBM, offer hosted versions 
of very high-end database-based CRM
products. The biggest impact on CRM has come
from hosted providers such as salesforce.com, 
which offers CRM solutions appropriate for 
small businesses (fewer than five users) as well 
as businesses with thousands of users. CRM is 
an appropriate fit for the hosted-application 
business because a sales force needs to be 
able to access its data anywhere. A Web-hosted 
CRM application lets your sales staff access its 
information wherever an Internet connection 
is available. Although the same can be said of 
almost any hosted application, accessibility is a 
major business advantage for a CRM solution. 

Deciding to use hosted enterprise-class 
applications requires extensive research. 


HOSTED APPLICATIONS CHECKLIST 


Are remotely hosted applications right for your business? Answering these questions will help 
you decide. 

STEP 1: Analyze Business Needs to Determine Which Applications Are
Suitable for Remote Hosting

□ Is your business an SMB that needs to support a high-traffic, high-availability Web site? 

□ Do you need to provide a collaborative workgroup environment for employees? 

□ Do you use complex enterprise-class applications such as CRM? 

□ Do you want to provide a standard working environment for a group of dispersed users? 

STEP 2: Develop a Price/Value Matrix for Suitable Applications 

□ How many users will use each application? 

□ At what point does the hosted application become cost effective? 

□ Does your business’s growth path call for additional hosting services or for moving 
the application in house? 

STEP 3: Determine How Hosted Applications Will Impact Workflow 

□ Does access from any Internet-enabled location present a problem? 

□ What applications must be kept onsite? 

STEP 4: Evaluate SLAs 

□ What level of service is required for each application? 

□ What would application downtime cost your business? 

□ What are the available backup and disaster recovery options? 

STEP 5: Don’t Forget About Your Internet Connection 

□ Does your SLA guarantee acceptable connectivity and performance? Hosted 
applications are useless if your users can’t reach them or they don’t provide the 
required throughput. If your application provider is different from your ISP, you’ll also 
need to have an SLA with your ISP. 

STEP 6: Document and Diagram Your Business Process and Workflow 

□ Do you and your application provider understand and agree on who is 
responsible for hosted-application support, management, maintenance, and security? 


60 Windows IT Pro MARCH 2007 



Although the low startup costs and the ongoing 
savings are significant, there are few, if any,
standard decision models you can use to determine
whether a hosted CRM or other enterprise-class 
application is a good choice for your business. 

Client Applications 

Hosted client applications make standard 
office automation tools, such as word
processing and spreadsheets, available through
a Web site. The most commonly hosted client
application is Microsoft Office. In hosted
client applications, you're effectively running a
hosted Citrix or Windows Terminal Services 
environment. The client uses RDP or ICA to 
connect to the hosting server from his or her 
local computer. Because hosted client
applications are accessible from any Internet-enabled
location, they're useful for businesses that 
are geographically widespread. Hosted client 
applications let businesses ensure the same 
working environment for all users without 
having to worry about configuration,
management, or user support.

However, hosted client applications 
require an Internet connection. Users who 
aren't connected can't do any work because 
they don't have a local application to use 
when they're offline. You also need to
maintain sufficient network bandwidth to assure
acceptable user response times in periods 
of peak use. The metric for determining the 
value of a remotely hosted client environment 
isn't as clear as it is for many other hosted 
applications. Google's free Web-based word 
processor, spreadsheet, and calendaring
software is an example of a fully hosted end-user
application environment. 

Coming to a Decision 

Making the decision to use hosted
applications requires you to carefully evaluate the costs
involved as well as the advantages and
disadvantages for your business. Even the apparently
simple choices need to be analyzed based on
what your business plans to do with the
service. For example, if basic email services are
all that your business requires, the choice of 
hosting providers is broad, whereas the choice 
of vendor and the services available becomes 
more critical if you plan to build
business-critical collaborative environments. You're likely
to find that in most cases a combination of hosted 
services and internally supported applications is 
the proper mix for your environment.

SHAREPOINT FEATURE


Let’s continue our journey into Microsoft
Office SharePoint Server 2007 to gain 
an understanding of its new features 
and capabilities. In “SharePoint Server 2007 
Unleashed,” InstantDoc ID 94652, I covered 
seven “experiences” that I designed to
introduce you to SharePoint Server 2007
functionality. Now let’s look at eight more experiences
(including one that repeats a lesson from last 
time), which will help you become familiar with 
SharePoint Server 2007 sites, lists, and
libraries, as well as SharePoint workflow, forms, and
business intelligence. 

Experience 8: Content Management

SharePoint content management lets you 
control when, by whom, and how content 
gets published to an intranet or Internet 
site. We’ll use SharePoint’s default News 
site to look at some of the fundamentals 
of content management in SharePoint. 
Because this experience is browser 
based, you don’t need any Microsoft 
Office 2007 applications for it. 


Go to the News tab in the top link bar, 
then click News, Sample News Article. 
We’ll begin by modifying this existing
sample article, then we’ll create a new article.
Click the Site Actions button on the upper 
right side and choose Edit Page. 

The page changes into Edit mode, as Figure 1 shows, and
displays the Page Editing toolbar. You can
use the toolbar controls to change the
content of this article. You’ll see labels
for content components, such as Page
Image, Article Date, Byline, Content,
Image Caption, and Rollup Image, which
appear as a result of the specific page 
layout that was chosen. Notice that when 
you edit a content component, you use a 
rich, Microsoft Office Word-like WYSIWYG 
editor that you can configure to include 
features you want. Besides editing, you 
can format text, embed pictures, and
create tables. You’ll learn more about page
layouts in a moment, but for now, change
the title, date, byline, and content. The
layout itself will look much better when the
article is not in Edit mode, and you can
choose Preview In New Window from the
Tools menu to see that.

Figure 1: Using the Page Editing toolbar

When you’re finished, click the Publish 
button to make the edited page visible to 
users. Pages can be submitted as drafts 
by clicking Check In To Share Draft, in 
which case the page becomes a minor, 
or “dot” version (e.g., version 0.1 or 1.3). 
Draft versions aren’t visible to all site users. 
When a page is approved and published, it 
becomes a major version (e.g., 1.0 or 2.0). 
You can configure who is allowed to view
drafts, and you can configure workflows to determine who
can approve a submitted draft. You’ll learn
more about workflows in a later experience.

Now let’s create a new page. Click 
Site Actions, Create Page. Give the page 
a title (I chose “More Good News”) and a 
URL (I used moregoodnews). Then select 
a page layout. The page layout you select 
determines the content components of 
the page. The page we edited earlier was 
the Article page with image on left layout. 
Click Create and the page will be
created and put immediately into Edit mode.
Create some content for your article and 
click Publish to publish it. Page layouts 
can be completely customized by using 
Microsoft Office SharePoint Designer 2007 
or Microsoft Visual Studio 2005. 

Experience 9: Content Queries and Roll Ups

SharePoint Server lets you query content 
from one site or across multiple sites and 
“roll it up” for display in one place. Go to
the News home page. Click Site Actions
and choose Edit Page. You use the
same command that we used to modify
the article to modify Web part pages,
such as each site’s home page. In
Edit mode, you can see the three Web
parts that make up the News site. In
Figure 2, the Web parts appear in the
main section of the window, each in
its own box below an Add a Web
Part heading.

Click the edit button on the Recent 
News Web part, and choose Modify 
Web Part. As Figure 2 shows, a panel 
will open on the right of the screen 
to show the Web part’s properties. In 
our example, this Web part is, in fact, a 
Content Query Tool Part, one of the Web 
parts installed by SharePoint Server 2007. 
The Recent News Web part queries all 
news articles and, importantly, sorts them 
in descending order of date modified and 
limits display to only one item. In this way, 
the “headline” on the page will always 
show the most recently published News 
page. 

The News Roll Up Web part is also a 
Content Query Tool Part. You can
configure this Web part to sort news articles
by such variables as date created or date 
modified, and to display news articles in 
ascending or descending order. You can 
also configure how many articles to display. 

Experience 10: RSS Aggregation

Although you can use an external feed 
reader to subscribe to a SharePoint library 
or list, Windows SharePoint Services
includes an RSS Viewer Web part, which 
you can insert in any Web part page. 

On the News home page, click Site 
Actions, Edit Page. Click the edit button 
on the RSS Viewer Web part and choose 
Modify Web Part. In the RSS Viewer Web 
part properties panel, expand the RSS 
Properties section and enter an RSS 
feed URL. I used http://blogs.msdn.com/sharepoint/rss.xml,
which is the Microsoft
SharePoint team's blog. Click OK, then
click Publish. You should see an RSS
aggregation on your SharePoint page. 

Experience 11: Deja Vu: Creating a Departmental Subsite

I covered this experience in my previous 
article, but before we continue, let’s
create a site for the people who will write the
check for your SharePoint Server license: 
your Finance department. 

Go to SharePoint Server’s Home tab; 
choose Site Actions, Create Site; and 
configure the site with Finance as the title, 
finance as the URL, a Team Site template, 
and unique permissions. Either add a real 
user account or create one for testing. I 
use Penny Xavier, budget manager, as an 
example. 

Experience 12: Report Libraries: Excel Services and Dashboards

Use Microsoft Office Excel 2007 to create 
a simple worksheet that contains some 
numbers. We’ll use this to create a
performance indicator that will appear on our
SharePoint page, so make sure that one
cell has a value that you can compare
against another cell’s “goal” value. For
example, create a spreadsheet with a
grand total value in cell C7 and a goal
value in cell C8.

Figure 2: Editing the Recent News Web part

At the Finance site that you created 
in Experience 11, click View All Site 
Content, Create. Select a Report Library 
and call it Reports. Click the Upload 
button and upload the spreadsheet you 
created. You’ll be prompted to fill in 
document properties such as a filename,
friendly title, description, and whether you
wish to maintain version history for the 
report. 

Like other SharePoint Server features 
we’ve looked at, SharePoint Server’s 
Excel Services packs power. Calculations 
are actually performed on the server 
and heavy-duty crunching can even be 
offloaded to Windows compute clusters. 
However, for this experience, our budget 
manager, Penny, just needs to see the
data to know whether the business is on
track. 

In the Reports library, click New and 
choose Dashboard Page. Enter a
filename (I used finance.aspx), title (I used
Finance Dashboard) and a two-column 
vertical layout, and select Create a KPI 
list for me automatically. The Finance 
Dashboard will be created. 

In the Excel Web Access [1] Web 
part, select Click here to open the tool 
pane. The page will enter Edit mode. 
When the Web part’s properties panel 
appears on the right, find the text box 
labeled Workbook and click the browse 
button. Locate the Excel worksheet you 
just uploaded, then click OK on the Web 
part’s properties panel. Because we have 
only one worksheet to upload, click the 
close button on the Excel Web Access 
[2] Web part. Click Exit Edit Mode under 
Site Actions, and SharePoint will refresh 
the page, showing your Excel worksheet 
embedded in the page, rendered by the 
Excel Web Access Web part and Excel 
Services. This view is available even to 
users who don’t have Excel installed. 

Experience 13: Key Performance Indicators

Although Budget Manager Penny might 
like seeing numbers, decision-makers 
often want a quick visual cue as to what 
is, and is not, on target. Key Performance 
Indicators (KPIs) can help. In the Finance 
Dashboard, click the New button under 
Key Performance Indicators and choose 
Indicator from data in Excel workbook. 

On the Finance KPI Definitions: New Item 
page, enter a friendly name for the
indicator (e.g., Business Performance). Click
the Excel-like icon next to the Workbook
URL field and browse for your report.
After you’ve selected it, you’ll be able to
select the cell containing the indicator 
value (the “actual” value) and the cells 
containing the goal value (“desired” value) 
and the value at which a warning should 
be triggered. Click OK to create the
indicator, and the KPI you just configured will
appear on the Finance Dashboard. 

Experience 14: Create an Expense Report and Workflow

SharePoint Server facilitates moving your 
business processes and forms online.
Let’s set up an online expense report
submission and approval application, using
InfoPath 2007, another application in the
Office System. 

On the Finance home page, click Site 
Actions, Create. Select a Form Library 
and name it Expense Reports—all other 
defaults are fine. Now we need to open 
InfoPath 2007. In the Getting Started 
dialog box, select Customize a Sample 
and choose Sample - Expense Report. 
Change the header to match your
company name, then click File, Publish. The
Publish command lets you save the form 
to SharePoint, but first prompts you to 
save a copy locally. 

The Publishing Wizard then appears. 
Choose the option to publish the form 
to a SharePoint Server and click Next.
Enter the URL of the Finance site (e.g.,
http://wss01/finance). You don’t have to
enter the full URL for the Expense Report 
library—in fact, it doesn’t seem to help 
to do so, as you’ll be prompted for the 
library soon, anyway. 

Click Next and ensure that you select 
the options to enable the form to be filled 
out using a browser from a document 
library. Click Next again. Choose Update 
the form template in an existing document 
library, and select Expense Reports. Click 
Next two times, skipping the Column 
Name page, which we don’t need. A 
summary page appears. Click Publish. 
After the form is published, click Close on 
the final page of the Publishing Wizard. 




Now we’ll create a workflow.
Workflows are ways to support
business processes using SharePoint. We’ll
specify that after an expense report has 
been submitted, Penny or your user must 
approve it before a check is cut. Back 
in your browser, in the Expense Reports 
library, click the Settings button and 
choose Form Library Settings, Workflow 
Settings. 

On the Add a Workflow: Expense 
Reports page, give the workflow a name 
(e.g., Expense Report Approval) and 
select the Start this workflow when a new 
item is created option and the Start this 
workflow when an item is changed option. 
All other defaults are fine. Click Next. 

On the Customize Workflow: Expense 
Report Approval page, enter Penny or 
your user’s name as an approver. Click 
Check Names to confirm that you entered 
a recognized name—the name will 
become underlined. Alternatively, you can 
click Approvers to find your approvers. 
Approvers can be individual users and/or 
groups. At the bottom of this page, select 
Update approval status when the
workflow is complete.

Now comes the moment of truth.
Test it! In the Expense Report library,
click New. On a computer with InfoPath 
installed, the form will open in InfoPath, 
ready for the user to complete with the 
full functionality provided by the
standalone InfoPath client. On a computer
without InfoPath, the form will open in the 
browser. 

Fill in the form and click Submit at the 
top or bottom of the form. If you have any 
trouble with that in your test environment 
(which I did), just click the Close button 
at the top of the form and then save the 
report when prompted. 

Now, let’s see if the workflow triggered 
correctly. Click the Tasks link in the Quick
Launch navigation. You should see the
task for your user to approve the
just-submitted expense report.

Experience 15: My Site

We don’t want our users to have to look 
for their tasks. Although users could 
subscribe to Alerts or RSS feeds from a 
task list, or integrate a SharePoint task 
list directly into Microsoft Office Outlook 
2007, a better solution is to use My Site. 
My Site, which Figure 3 shows, is a user’s 
personal portal. You can customize and
manage it, and push content to it.

Open a separate instance of Microsoft 
Internet Explorer (IE) and browse to the 
Finance site. You’ll likely be authenticated 
as yourself. Click the Welcome link with 
your name at the top of the page and 
you’ll see a dropdown menu that lets you 
sign on as a different user. Log on as your 
test finance user (e.g., Penny Xavier). You’ll 
see the Welcome link change to indicate 
your new credentials. 

Click the My Site link next to the 
Welcome link at the top right of the
window. The first time a user clicks My Site,
SharePoint generates a personal site for 
the user. The personal site has many 
capabilities, and the one we’ll look at right 
now is task roll up. After the user’s My 
Site has been created, you should see
Finance listed in the SharePoint Sites
section. This list of sites is dependent on the
user belonging to the site, so if you don’t 
see the Finance site on the list, perhaps 
you forgot to give the user permission to 
it. You can also click the Sites dropdown 
menu and add the site manually. 

When you click the Finance button, 
you’ll see the titles of tasks, as Figure 
4 shows. Users can browse tasks by 
department, team, or project, depending 
on how you’ve configured the site
structure.

The Journey Continues 

After your users experience SharePoint, 
they might realize its potential for
significant ROI. In the future, I’ll provide
guidance about how to plan for, deploy,
administer, optimize, secure, and
troubleshoot what is arguably the most important
new product from Microsoft in six years.
Join me at the Windows IT Pro SharePoint
Web site, http://www.MySharePointPro.com,
to discuss SharePoint and to share
in the collective knowledge of a great
SharePoint community.

Getting to Know Office 2007

Answers to your questions about the new 
Microsoft Office 2007 system 

by Dan Holme 


Q: Why does my Pivot Table have an 
expander (a “+” icon) preceding a row 
of data? 

A: Pivot Tables can now support
hierarchical data by displaying a row in the table
with a preceding expander, which, when 
clicked, shows subsequent rows relating 
to the original row. These subsequent rows 
can also be hierarchical. Other changes 
to Pivot Tables include the ability to sort 
and filter data independently within a Pivot 
Table and apply conditional formatting 
within a Pivot Table. 

Q: When I perform a search in 
Microsoft Office OneNote 2007, I’m 
seeing some of my pictures (screen 
shots) come up in results. What’s going 
on? 

A: It’s pretty cool, actually. OneNote 2007 
now performs optical character
recognition (OCR) on all the graphics in your
notebooks, and any text that it recognizes
comes up in your search results. If you
start storing audio notes (I do that) or
storing video files (I’m still thinking of a cool
reason to do that!), OneNote will analyze
the audio (or audio portion) of the file for 
words it recognizes, then index those. I 
haven’t tested OneNote 2007’s audio and 
video search functionality much, so I can’t 
comment yet on how well it works, but 
the audio/video indexing will change your 
search results as well. If you want to turn 
off the audio/video indexing, click Tools, 
Options, Audio and Video; scroll down to 
Audio Search; then enable or disable by 
selecting or clearing the check box. 

Q: Can I blog a Word document? 

A: Yes, you can. Now, before you smack 
me and take away my HTML license, the 
HTML output to the blog is not as bad as 
you might suppose based on your prior 
HTML experience with Word. 

True, in previous versions of Word if you 
copied and pasted a document’s HTML 
code into a Web page for public display, 
your HTML friends would take you out back 
and persuade you never to do it again. 

In Word 2007’s blogging features, 
Microsoft seems to be trying to leave out 
extraneous code and just provide useful
HTML. The code exported to a Weblog
is fairly tidy, and the extra code you were 
accustomed to seeing in previous HTML 
output from Word is no longer there. 
Depending on your blog provider, you’ll 
learn what tags and styles work well and 
which ones don’t. Translation is very basic: 
“Heading 1” in Word becomes <h1>, bold 
text becomes <strong>, and so on. The 
first time you post to a blog from within 
Word 2007, you’ll be prompted to enter 
your credentials and the URL to your blog. 
Different blog providers have slightly
different API and endpoint usage, so check
with them for details about endpoint
addresses and custom API calls that are
available.

Got questions about Microsoft Office?

Send them to Dan Holme at danh@intelliem.com.
And for more Office tips and insights, visit
http://www.MyMSOfficePro.com, an upcoming
new community for IT professionals, developers,
and end users interested in Microsoft Office topics.
Tricks & Traps - Ask the Experts 


Q: I've started to deploy Windows 
Vista machines but can't find the 
Administrative (ADM) template 
files to manage the new Vista Group 
Policy options. Where are they? 

A: With Vista and Longhorn Server, 
Microsoft has added many new 
categories of functionality to Group 
Policy, including Power Management,
which, in earlier Windows
versions, wasn't configurable via 
Group Policy without third-party 
add-ons; drive-blocking capabilities, 
which let administrators restrict the 
USB-type devices that can be used on 
computers; better Microsoft Internet 
Explorer (IE) settings management; 
and improved printer support, 
including the ability to delegate users 
the capability to install their own 
printer drivers, removing the need 
for users to be local administrators 
of their machines. To facilitate
management of these new categories of
functionality and improved
manageability in general, Microsoft created a
new administrative template format,
ADMX, which is a standards-based,
XML file format. Instead of the
standard seven ADM files available with
Windows XP, Vista has 132 ADMX 
files, which provide an XML-based 
structure for defining the display of 
the Administrative Template policy 
settings in the Group Policy tools. 
You'll find them by default in the 
C:\Windows\PolicyDefinitions folder.

Windows Server 2003, Windows 
2000, and XP Group Policy
management tools, including Group Policy
Management Console (GPMC) and
Group Policy Editor (GPE),
understand only ADM files, so it's logical to
search for the updated ADM files for 
the new Vista Group Policy settings, 
but you won't find them. For Vista, 
Microsoft has taken the approach of 
managing Vista from Vista, which 
means you need to edit Group Policy 
Objects (GPOs) that apply to Vista 
machines from a Vista machine (or 
Longhorn when it's released). 

Vista includes GPMC as part of 
the core product. Simply start the 
Microsoft Management Console
(MMC), and add the Group Policy 
Management snap-in. GPMC shows 
the machine's local forest Group 
Policy information and lists all GPOs, 
which you can then edit. 

You can manage Group Policy 
for pre-Vista machines from a Vista 
machine because the ADMX files that 
ship with Vista are a superset of the 
ADM files in pre-Vista versions. Any 
settings available in the legacy ADM 
files are available in the new ADMX 
templates. If you attempt to view a
GPO that has Vista settings from a
pre-Vista GPMC session, the
Vista-specific configurations will show in
the Extra Registry Settings section 
under Administrative Templates. 

Therefore, the way forward is to 
upgrade all Group Policy
administrators' workstations to Vista before
upgrading any other machines. That
way, administrators can start
configuring the necessary Group Policy
settings prior to a large-scale rollout.
—John Savill 
InstantDoc ID 94926 
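
The ADMX layout described in this answer, as an added example that is not part of the original column or of Microsoft's tooling: a short Python parser that indexes the registry values a template defines, then sorts a GPO's registry settings into those the loaded templates describe and those they do not, which is the situation in which a pre-Vista GPMC lists settings under Extra Registry Settings. The sample template, policy names, and registry keys are constructed; the element and attribute names assume the published ADMX schema.

```python
import xml.etree.ElementTree as ET

# Namespace used by ADMX policy definition files (assumed from the published schema).
NS = {"a": "http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"}

# Constructed sample in the ADMX layout; policy names and registry keys are hypothetical.
SAMPLE_ADMX = r"""<policyDefinitions
    xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
    revision="1.0" schemaVersion="1.0">
  <policyNamespaces>
    <target prefix="example" namespace="Example.Policies.Demo"/>
  </policyNamespaces>
  <resources minRequiredRevision="1.0"/>
  <policies>
    <policy name="BlockRemovableStorage" class="Machine"
            displayName="$(string.BlockRemovableStorage)"
            key="Software\Policies\Example\Devices" valueName="DenyRemovable">
      <enabledValue><decimal value="1"/></enabledValue>
      <disabledValue><decimal value="0"/></disabledValue>
    </policy>
    <policy name="SleepTimeout" class="Both"
            displayName="$(string.SleepTimeout)"
            key="Software\Policies\Example\Power">
      <elements>
        <decimal id="Timeout" valueName="SleepTimeoutSeconds"
                 minValue="0" maxValue="3600"/>
      </elements>
    </policy>
  </policies>
</policyDefinitions>
"""

# Constructed registry settings as a GPO might carry them: (key, value name, data).
GPO_SETTINGS = [
    (r"Software\Policies\Example\Devices", "DenyRemovable", 1),
    (r"SOFTWARE\Policies\Example\Power", "SleepTimeoutSeconds", 900),
    (r"Software\Policies\Example\Printing", "AllowUserDriverInstall", 1),
]


def _norm(key, value_name):
    """Registry paths and value names are case-insensitive, so compare lowercased."""
    return (key.strip("\\").lower(), value_name.lower())


def load_policies(admx_text):
    """Map every (key, valueName) a template defines to (policy name, class)."""
    root = ET.fromstring(admx_text)
    index = {}
    for policy in root.findall("a:policies/a:policy", NS):
        name, cls, key = policy.get("name"), policy.get("class"), policy.get("key", "")
        targets = []
        # A simple on/off policy names its registry value on the <policy> element.
        if policy.get("valueName"):
            targets.append((key, policy.get("valueName")))
        # Policies with options name one value per child of <elements>;
        # an element may override the policy-level key.
        for element in policy.findall("a:elements/*", NS):
            if element.get("valueName"):
                targets.append((element.get("key") or key, element.get("valueName")))
        for reg_key, value_name in targets:
            index[_norm(reg_key, value_name)] = (name, cls)
    return index


def classify(settings, index):
    """Split settings into those a loaded template explains and those it does not."""
    known, extra = [], []
    for key, value_name, data in settings:
        hit = index.get(_norm(key, value_name))
        if hit:
            known.append((hit[0], hit[1], data))
        else:
            extra.append((key, value_name, data))
    return known, extra


if __name__ == "__main__":
    known, extra = classify(GPO_SETTINGS, load_policies(SAMPLE_ADMX))
    for name, cls, data in known:
        print(f"defined by template: {name} ({cls}) = {data}")
    for key, value_name, data in extra:
        print(f"no template definition: {key}\\{value_name} = {data}")
```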

The Case of the Delayed Windows Vista File Open Dialogs


This is a summary of a popular posting to Mark Russinovich’s technical blog
(https://blogs.technet.com/markrussinovich/about.aspx), which covers topics such as
Windows troubleshooting, technologies, and security. You can read the entire post at
https://blogs.technet.com/markrussinovich/archive/2006/11.aspx


Last fall, I spoke at the Microsoft Tech Ed: IT Forum conference in Barcelona, Spain. The conference was a huge success, and Windows Vista, which I had taken on the road for the first time, performed great. However, as I was running through some demos, I noticed that the File Open dialog box, which is common to all Windows applications, would often take as long as 15 seconds to appear. The behavior seemed similar to the behavior I wrote about in “The Case of the Process Startup Delays” (http://blogs.technet.com/markrussinovich/archive/2006/08/31/453100.aspx). In that case, Windows Defender’s remote procedure call (RPC) communications tried to contact a domain controller (DC), which resulted in hangs when the system was disconnected from its domain.

To investigate the problem, I launched Notepad from within Windbg (part of the free Debugging Tools for Windows available at http://www.microsoft.com/whdc/devtools/debugging/default.mspx), typed Ctrl+O to open the File Open dialog, and when I got the hang, broke in and looked at the stack of Notepad’s main thread.

A look at the function names on the stack immediately told me what was happening: When you access the File Open dialog box the first time within an application, it navigates to your Documents folder. On Vista, my folder is C:\Users\Markruss\Documents, but the shell wants to make the path in the dialog box’s new breadcrumb bar (which shows the trail of accessed folders—i.e., breadcrumbs) pretty by displaying it as “Mark Russinovich\Documents.” So it calls GetUserNameEx to look up my account’s display name as it’s stored in my User object in Active Directory (AD).

I set a breakpoint on the call’s return and hit it after the delay completed. GetUserNameEx returned the ERROR_NO_SUCH_DOMAIN error code, and stepping through SHGetUserDisplayName revealed that it falls back to calling GetUserName. Instead of looking up the user’s display name, that function just obtains the Security Identifier (SID) of the user from the process token (the kernel data structure that defines the owner of a process) and calls LookupAccountName to translate the SID to its account name, which in my case is simply “markruss.” Thus, the Open File dialog box’s breadcrumb bar referenced “markruss.” However, when I reconnected to the corporate network, the breadcrumb bar referenced “Mark Russinovich.”

You can read the detailed description of the steps I took to solve the Open File dialog box hangs at https://blogs.technet.com/markrussinovich/archive/2006/11.aspx, but to summarize, I discovered that Vista’s File Open dialog box tries to look up a user’s display name for the breadcrumb bar when showing the Documents folder, and in the process, tries to locate a DC by sending a LAN Manager datagram via the Bowser.sys device driver. There’s no workaround and anyone that has a domain-joined system that’s not connected to the domain for more than 30 minutes will experience the same delays—at least until Vista Service Pack 1 (SP1).

—Mark Russinovich 
InstantDoc ID 94649 
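
The lookup-then-fallback sequence described in the summary above can be timed from PowerShell on an affected machine. This is an added example, not code from the blog post: DisplayNameProbe and Test-DisplayNameLookup are hypothetical names, and the fallback uses .NET's Environment.UserName as a stand-in for the shell's own fallback path.

```powershell
# Added example (not from the original post). Run as the affected user.
# DisplayNameProbe is a hypothetical wrapper around secur32!GetUserNameExW.
if (-not ('DisplayNameProbe' -as [type])) {
    Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;

public static class DisplayNameProbe
{
    // EXTENDED_NAME_FORMAT.NameDisplay == 3 (the account's display name).
    [DllImport("secur32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.U1)]
    private static extern bool GetUserNameExW(int nameFormat, StringBuilder buffer, ref uint size);

    // Returns 0 on success, otherwise the Win32 error captured right after the call.
    public static int TryGetDisplayName(out string name)
    {
        uint size = 512;
        StringBuilder buffer = new StringBuilder((int)size);
        bool ok = GetUserNameExW(3, buffer, ref size);
        int error = ok ? 0 : Marshal.GetLastWin32Error();
        name = ok ? buffer.ToString() : null;
        return error;
    }
}
'@
}

function Test-DisplayNameLookup {
    # Win32 error codes worth naming in the report.
    $knownErrors = @{
        234  = 'ERROR_MORE_DATA'
        1332 = 'ERROR_NONE_MAPPED'
        1355 = 'ERROR_NO_SUCH_DOMAIN'   # the code reported in the summary above
    }

    $name  = $null
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $err   = [DisplayNameProbe]::TryGetDisplayName([ref]$name)
    $timer.Stop()

    $errorName = 'none'
    if ($err -ne 0) {
        $errorName = if ($knownErrors.ContainsKey($err)) { $knownErrors[$err] } else { "Win32 error $err" }
    }

    [pscustomobject]@{
        # On failure, fall back to the plain account name, as the dialog box ends up doing.
        NameShown  = if ($err -eq 0) { $name } else { [Environment]::UserName }
        Source     = if ($err -eq 0) { 'display name lookup' } else { 'account name fallback' }
        Win32Error = $errorName
        ElapsedMs  = $timer.ElapsedMilliseconds
    }
}

Test-DisplayNameLookup
```

A multi-second ElapsedMs together with ERROR_NO_SUCH_DOMAIN while off the corporate network matches the behavior the summary describes.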
Reader to Reader

Create an MMC Snap-In for Searching PDF Files

I recently called Microsoft Customer Service and Support (CSS) to help resolve what I thought was an undocumented error. As it turns out, the error was documented—I just couldn't find a reference to it in the 80 PDF manuals that came with this particular Microsoft product. Luckily, the support engineer I talked with was familiar with the error and knew the exact manual that I had to reference.

After that support incident, I recalled that I had used the Adobe PDF IFilter plug-in for the Microsoft Indexing Service several years ago to search through PDF files. Back then, I had only a dozen Adobe PDF files in a directory of hundreds of .doc, .txt, .html and .mht files. However, I had to search every file for specific text strings, and IFilter served this purpose well.

With the propeller hat spinning full tilt, I decided to again use IFilter with the Indexing Service for the purpose of searching Adobe PDF files. But this time, I created a customized Microsoft Management Console (MMC) snap-in for the UI. Although you can use Adobe Acrobat Reader to search through PDF files in a specified directory, it takes an extremely long time if that directory is large (e.g., 65MB). With the MMC snap-in, the search is almost instantaneous. Here's how you can create this snap-in on your local computer:

1. Go to http://www.adobe.com/support/downloads/detail.jsp?ftpID=2611 and download IFilter 6.0. This version supports most 32-bit Windows desktop and server versions from Windows Server 2003 through Windows 2000. (See the IFilter 6.0 download page for details.) If you already have the IFilter 5.0 installed, uninstall it first. I found that version 6.0 automatically corrects a registry entry and a DLL registration that had to be manually corrected in version 5.0.

2. Following the instructions provided on the Adobe Web site, install IFilter 6.0. I chose to install it to C:\Program Files\Adobe\PDF IFilter. After you install IFilter, restart your machine.

3. Select Run under the Start menu. Type mmc and click OK.

4. From the File menu, select Add/Remove Snap-in and click Add.

5. In the Add Standalone Snap-in dialog box, highlight the Indexing Service snap-in and click Add.

6. In the Connect to Computer dialog box, select Local computer and click Finish.

7. Click Close in the Add Standalone Snap-in dialog box, then click OK in the Add/Remove Snap-in dialog box.

8. In the Console Root window, right-click Indexing Service on Local Machine, select the New option, and click Catalog. In the Add Catalog dialog box, provide a name and location for the catalog you're creating. If you want to put the catalog in a new directory, be sure to create this directory beforehand in Windows Explorer. For this example, let's create the My Documents\Index Catalog Files\My PDFs directory for the catalog, which we'll name My PDFs. Click OK in the Add Catalog dialog box. When the message Catalog will remain off-line until Indexing Service is restarted appears, click OK again to create the catalog. In this case, the Indexing Service creates the My Documents\Index Catalog Files\My PDFs\catalog.wci directory.

9. You need to stop the Indexing Service before you can restart it, so in the Console Root window, right-click Indexing Service on Local Machine and select Stop. Then, right-click Indexing Service on Local Machine and select Start. The unpopulated statistics for your new catalog will appear in the right pane. Don't worry if only zeros appear. This step simply builds the indexing framework for the catalog. In step 11, you'll provide a path to the directory containing the PDF files that will populate the catalog.

10. When you use IFilter with the Indexing Service, the Indexing Service indexes not only PDF files but also all the files it natively supports, such as .doc, .txt, and .html files. Thus, I recommend that you use Windows Explorer to remove any nonessential subdirectories and files from the directory that contains the PDF files you want to be able to search. In my first test of the catalog, the directory of PDF files I wanted to search had a subdirectory that contained 50MB of streaming video files. Those streaming video files were indexed, which added an unnecessary 65MB to the index catalog.

11. In the Console Root window, expand the directory that contains the My PDFs catalog. Right-click Directories, select New, then choose Directory. To fill in the Path field, browse to the directory that contains the PDF files you want to be able to search. For this example, let's say these files are in a directory named PDF Manuals. You can also enter the directory's Universal Naming Convention (UNC) name in the Alias (UNC) field if you want. Click OK. You can add as many directories as you want in the catalog by simply repeating this step.

12. Right-click the path under the Directory header, then select All Tasks followed by Rescan (Full). At this point, if you click Indexing Service on Local Machine, you'll see the My PDFs entry starting to populate. This task will take about five minutes. Note that the more you move your mouse around, the longer it'll take to populate the catalog. Mouse movement causes the Indexing Service to pause because it perceives that movement as user activity on the PC.

13. If you want to add a desktop icon for your new catalog, go to the Console Root window and expand the My PDFs catalog. Right-click Query the Catalog, then select the New Window option. The Query the Catalog dialog box should appear. Close the Console Root window behind the Query the Catalog dialog box because you don't need that window in your finished product. On the toolbar, click the Show/Hide console tree button so that all you see is the Indexing Service Query Form. Maximize the Query the Catalog dialog box. On the File menu, select Save As. Name the file My PDFs.msc and save it in the folder that contains the index framework directory (My Documents\Index Catalog Files). I don't recommend that you save it directly in the index framework directory (My Documents\Index Catalog Files\My PDFs) because if you perform an Empty Catalog operation, that operation deletes everything in that directory, including the Management Saved Console (.msc) file you just created. Close all the MMC dialog boxes. When you're asked whether you want to save the console settings, click No. You just saved the .msc file, and you don't want to overwrite that file.


14. Use Windows Explorer to create a shortcut to the My PDFs.msc file.

15. Test your new MMC by clicking the shortcut. A window that's titled "My PDFs - Query the Catalog" should appear that contains the Indexing Service Query Form.

The custom MMC works well and performs searches in seconds. However, I've come across two quirks you need to be aware of:

• When you're searching for a specific term such as Root Kit Virus, be sure to enclose the term in quotes and select the Advanced Query option. If you don't select the Advanced Query option, the Indexing Service will return every document that has any of those words within its contents. Although there's a Tips for searching link that has a Query Syntax button to help with search syntax, I've found that the button doesn't work on my machine. The workaround is to use the Help Topics option on the Help menu.

• If you right-click a drive in Windows Explorer and select Properties, you'll see the Allow Indexing Service to index this disk for fast file searching check box. Do yourself a big favor and leave this check box selected, which is the default. I disabled this one time for a test, thinking I could just re-enable it, but doing so broke the Indexing Service's ability to index Microsoft Internet Explorer's (IE's) .mht file type.

If Microsoft's Indexing Service is of interest to you, you can find more information about it in "How to create and configure a catalog for indexing" (http://support.microsoft.com/?kbid=308202).

—Bret Bennett 
InstantDoc ID 94950 


The Lowdown on Takeown

Check out this quick, simple-syntax tool for taking ownership of files

Ever since Windows Vista appeared, readers have repeatedly sent me the same question: "Why can't I modify the HOSTS file?" Many people modify the HOSTS file—located in \windows\system32\drivers\etc—to protect the system from sites that promote the spread of malware. However, Vista blocks this kind of modification. By default, Vista administrators don't have permission to delete most files in the \windows directory—nor do they own those files. Therefore, to modify HOSTS, you first need to take ownership of the file. You've been able to take ownership of a file from the GUI ever since Windows NT 3.1, but that built-in capability isn't terribly useful for remote administration. Fortunately, Vista and Windows Server 2003 include a new command-line tool called Takeown that lets you take ownership of files or folders.

How It Works 

Takeown's basic syntax looks like 
takeown /f <file or folder name> 

You'll probably need to run Takeown with your full administrative powers, and Vista's User Account Control might get in the way of that. Therefore, before you try to run Takeown, go to Start, All Programs, Accessories, Command Prompt—as you've probably done many times. But this time, in Vista, right-click the Command Prompt icon and choose Run as administrator. After you verify the action by clicking Confirm, you'll have what Vista refers to as an elevated command prompt.

You can now take ownership of your system's HOSTS file:

takeown /f C:\windows\system32\drivers\etc\hosts

(This command assumes that you have Vista on the C drive, of course. If Vista actually resides somewhere else, just change the drive letter.) Vista will respond with something like

SUCCESS: The file (or folder): "C:\windows\system32\drivers\etc\hosts" now owned by user <youraccountname>.

At this point, you can assign yourself write permissions to the 
HOSTS file and make changes. 

Takeown has more options than just /f, of course. To take ownership of an entire tree of folders and files, you can add the /r option. Thus, if you wanted to take ownership of a folder named C:\documents, as well as any files and folders inside C:\documents, you'd type

takeown /f C:\documents /r 

Tackling an Annoyance 

If you've ever tried to take ownership of a tree of folders, you might have run into something of an annoyance—namely, Windows' tendency to ask if you really, truly want to take ownership. Suppose, for example, that you not only don't own C:\documents but you also don't have permission to look in C:\documents. In that case, taking ownership of C:\documents wouldn't equip you to take control of any subfolders in C:\documents for the simple reason that although you would now own C:\documents, you would still lack the NTFS permissions necessary to list its subfolders.

Feasibly, you could take ownership of each directory, one at a time, then add a list folders permission to that folder, which would let you see the subfolders in that folder, which in turn would let you take ownership of the subfolders. Thankfully, such manual labor isn't necessary: Whenever you use the /r option with Takeown, the command pauses at each folder and asks whether you'd like Takeown to add the list folders permission to that folder's NTFS permissions. That's a nice touch, but it means that taking control of a folder containing dozens of folders could get a bit tedious.

The good news is that you can configure Takeown so that it doesn't ask you if you want to add the list folders permission and instead just assumes that you'll answer yes or no. To do that, you use the /d option, followed by a y or an n. So, to take ownership of C:\documents and all its subfolders, while granting yourself the list folders permission, you'd type

takeown /f C:\documents /r /d y

Note, however, that in the process of giving you permission to list folders, Takeown /r first removes any other explicit permissions on that folder! Inherited permissions seem unaffected in my tests, however.

Own It! 

To my knowledge, Windows has previously offered only one command-line tool to take ownership: the resource kit's Subinacl tool. Subinacl is a powerful tool, but its syntax can require some study. Takeown offers a command-line alternative with simple syntax.
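
The caveat above, that takeown /r /d y strips explicit permissions while adding the list folders permission, is easy to miss on a large tree. The PowerShell script below is an added example, not code from the article: it saves the tree's DACLs with icacls, runs the article's command, and lists the explicit entries that disappeared. The backup file name and the Get-ExplicitAce helper are assumptions made for the example.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.
# $Root is the article's example folder; $AclBackup is a hypothetical file name.
param(
    [string]$Root      = 'C:\documents',
    [string]$AclBackup = (Join-Path $env:TEMP 'documents-acl-backup.txt')
)

# Hypothetical helper: list every ACE set directly on an item (not inherited)
# for $Path and for everything beneath it that the caller can currently read.
function Get-ExplicitAce {
    param([Parameter(Mandatory)][string]$Path)

    $items  = @(Get-Item -LiteralPath $Path -Force)
    $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL (skipped): $($item.FullName)"; continue }

        foreach ($ace in $acl.Access) {
            if (-not $ace.IsInherited) {
                [pscustomobject]@{
                    Path     = $item.FullName
                    Identity = $ace.IdentityReference.Value
                    Type     = $ace.AccessControlType.ToString()
                    Rights   = $ace.FileSystemRights.ToString()
                }
            }
        }
    }
}

# Build one comparable string per ACE so the before and after lists can be diffed.
function Get-AceKey {
    param($Ace)
    '{0}|{1}|{2}|{3}' -f $Ace.Path, $Ace.Identity, $Ace.Type, $Ace.Rights
}

# 1. Before: keep a restorable copy of the DACLs plus an in-memory list to diff against.
#    Folders you cannot list yet are invisible to both; the warnings show where.
icacls $Root /save $AclBackup /t /c | Out-Null
$before = @(Get-ExplicitAce -Path $Root)

# 2. The command from the article: take ownership of the whole tree and answer
#    "yes" to the list folders prompt at every folder.
takeown /f $Root /r /d y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# 3. After: any entry present before and absent now was removed by the takeover.
$after      = @(Get-ExplicitAce -Path $Root)
$stillThere = @{}
foreach ($ace in $after) { $stillThere[(Get-AceKey $ace)] = $true }
$removed = @($before | Where-Object { -not $stillThere.ContainsKey((Get-AceKey $_)) })

if ($removed.Count -eq 0) {
    Write-Output "No explicit permissions were removed under $Root."
} else {
    Write-Output "$($removed.Count) explicit permission entries were removed under ${Root}:"
    $removed | Sort-Object Path, Identity | Format-Table -AutoSize
    # icacls stores names relative to the parent of the saved folder, so a restore
    # is run against that parent: icacls <parent of $Root> /restore <backup file> /c
    Write-Output "Saved DACLs are in $AclBackup"
}
```

Entries that show up only after the run (for example, the list folders grant for your own account) are expected and are not reported.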
You can meet Mark Minasi at the upcoming Windows Connections 2007 conference in Orlando, Florida, April 1-4. For more information, visit http://www.winconnections.com.
Top 10

Most Enticing Vista Features

Check out this countdown of the new OS’s greatest tools

Windows Vista was more than 5 years in the making, and it's definitely the most important Microsoft OS release since Windows 2000—maybe even of all time. The Vista editions that will appeal most to businesses are the Vista Business and Vista Enterprise editions. Vista Business includes domain support and other business-oriented features, such as Microsoft IIS and Windows Meeting Space. Vista Enterprise includes everything that Vista Business offers, plus a few additional exciting features, including the new BitLocker Drive Encryption and licenses for as many as four virtual machine (VM) instances. Vista Business will be preloaded on systems and sold in retail outlets; however, Vista Enterprise is available only to volume-licensing customers. Let’s take a look at some of my favorite Vista features, with an eye toward business productivity.


10 Aero Glass UI—Every new Windows version has to have a "cool" factor that separates it from the previous editions, and Vista's cool factor is the Aero Glass interface. Aero Glass boasts rounded transparent windows; animations; and scalable icon support. On the downside, however, the interface does require a DirectX 9.0-compatible graphics adapter with a minimum of 128MB of RAM.

9 New Windows Explorer—Many people prefer the Macintosh-like expanding-folder style of the new Windows Explorer to Windows XP’s hierarchical style. One nice Windows Explorer feature in Vista is the new breadcrumb navigation link, which enables you to easily jump to specific directories in your navigation path.

8 New Start menu—Vista sports a new Start menu that's shaped like a button and features an integrated search capability. An expanding-folder style replaces XP's cascading menu style, which makes the Start menu easier to use and uses desktop space more efficiently.

7 64-bit support—The primary advantage of 64-bit support lies in its ability to break the 4GB memory limit that was part of the 32-bit x86 architecture. There are few applications that need 64-bit support, but the increased memory capacity benefits multiple 32-bit applications running in Vista's Windows on Windows 64 layer.

6 Sidebar and gadgets—One of Vista's productivity enhancements is the Windows Sidebar and its associated gadgets. The gadgets are specialized lightweight applications, such as a clock, a calendar, and RSS readers. You can download additional gadgets from the Windows Live Gallery.

5 Sync Center—The new Sync Center lets you easily synchronize data and files between your Vista desktop and your Vista laptop systems. Sync Center isn't limited to laptops; it also supports file synchronization to multiple systems and network servers. Sync Center compares files between two locations and copies the newer version of the file to the target location.


4 Windows Backup—Windows' backup and restore capabilities have been in a deep freeze since the release of Win2K. But Vista's new Windows Backup feature has a vastly improved UI, takes advantage of Volume Shadow Copy Service (VSS), and lets you back up data to optical media such as CD-ROMs and DVDs.

3 Windows Meeting Space—Windows Meeting Space is a new Vista productivity tool that lets you share your system with as many as 10 users. Windows Meeting Space can display your desktop or an application on other Vista systems and enables file sharing and multiple-user editing.

2 Internet Explorer 7.0—Microsoft Internet Explorer (IE) 7.0 is vastly improved over IE 6.0. Like Mozilla Firefox, IE 7.0 provides a tabbed interface, letting you easily open multiple Web sites in one browser window and jump between them. IE 7.0 also features a new search capability and shrink-to-fit printing capability.

1 Security—The most important new features in Vista are all about security. User Account Control prevents applications from running with unnecessary administrative privileges and prompts users when administrative rights are necessary. Vista also includes Windows Defender to protect your machine from spyware, and Vista Enterprise provides BitLocker Drive Encryption, which protects data on laptops.
Did You Know?

You can speed a Vista PC's performance without adding RAM? Windows ReadyBoost lets you use a USB flash drive to extend system memory. For details, go to http://www.microsoft.com/windows/products/windowsvista/features/details/readyboost.mspx.
What’s Hot

Blake Eno (ljeno@windowsitpro.com) is product editor for Windows IT Pro and SQL Server Magazine.

Readers Review

At a Glance

NirSoft’s ProduKey
Hardcopy
VMware’s Converter 3 Beta

Simplify Product Key Extraction

NirSoft’s ProduKey

Reader: Alexis Laliberte, senior technical consultant
Product: ProduKey
Company: NirSoft
Contact: www.nirsoft.net

I won’t go on and on about how scripting can save you a lot of time. It has been said thoroughly, and all serious IT integrators know that scripting is one of the keys to a successful implementation. So, when trying to extract Windows and Microsoft Office product keys, I was especially happy to find NirSoft's ProduKey. Although there are plenty of freeware utilities that will extract product keys, ProduKey is among the only ones to support command line parameters. It lets systems administrators and network consultants script and automate Windows and Microsoft Office key recovery. The tool also offers great flexibility with its parameters, from providing methods to extract the keys to methods of generating the output to HTML files or plain text, and so on.

Before ProduKey, I used other freeware programs or expensive asset inventory and audit management software. The problem with some other freeware solutions is that you can use only a GUI to extract product keys. Although this can be good for a small company or department, it becomes really tedious whenever you need to extract keys from dozens or hundreds of computers. As for asset inventory and audit management software, this is just overkill when you simply want to recover a Windows product key. With ProduKey, extracting keys from dozens of computers is no longer a burden and can be fully automated by putting a few lines of code inside an existing logon script.


Let Users Easily Print Screen Shots

Hardcopy

Reader: Gerald Adams, IT network/systems supervisor
Product: Hardcopy
Company: Hardcopy
Contact: www.gen.hardcopy.de

My company's support staff needed an easier way to let our end users print screen shots for the programs they use. We use the screen shots mainly to troubleshoot errors in programs or explain clerical errors that need to be fixed. We are currently using Hardcopy, and the results have been good so far. Hardcopy places a printer icon in whichever object a user has open, and all the user needs to do is click and it's done.

The software supports direct emailing after creating the screen shot or hard copies for print. Our heaviest use so far has been for documenting intermittent error messages. This visual aspect of Hardcopy is easier to explain to users than "copying" and "pasting." From our central office, we handle 25 remote locations, so we save a lot of time because we don't have to retrain users each time we need them to send us screenshots. We highly recommend the product.

Editor's note: Hardcopy offers a number of print screen options. By utilizing keyboard shortcuts or by clicking on the printer icon in your objects, you can print the current screen, current window, or a partial window. Hardcopy works with all versions of Windows, including Windows Vista, and is available as a free download on Hardcopy's Web site.
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- Urgent Desktop Alert 

Would you like to alert your users of urgent 
information direct to their desktops? 


Sick of employees not paying attention to important 
emails? 

ACEmessage Is a Desktop Aiert Solution to deliver 
messages over Open Applications on the users 
desktop,., instant information! 


17; 


ACEmessage 

• Fast, One-Way, Centralised Alert Distribution 

& Desktop Popup Styles (Fullscreen, Banner, Balloon, niscreet) 

• Message thousands of Desktops In minutes 

• Active Directory Integration 

• Free 30 Day Trial 



For more information visit www, spydamar.com 


^ privacy ware 


threatsentry 

host ips for windows web servers' 


t 


threatsentry 
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download free triaf 


* behavior-based hast ips + 
application firewall 

* slop known, new & inlornol throats 

* overcame lapses in patch management 
■ reinforce regulatory compliance 
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We know how you feel... 



Real-time monitoring,alerting, reporting 
& archiving solutions developed 
by IT Professionals for IT Professionals. 


TNT 


Software 

www.tntsoftware.com 



5EN5APHONE 


IMS-4DDD 


Monitor the REST of 
Your Computer Room! 



Water on the Floor 

Temperature 

Power Problems 

Security 

Smoke and Fire 

Humidity 

Video 

And much more 


Instant Notification by Phone or E-mail 
when events-threaten your Infrastructure. 



www.ims-4000.com 


877-373-2700 


Imagine*^ 

* Automated migrations 

* Minimal downtime 

* VM integrity maintained 

* GUI driven, no scripting 


• Managed cutover option^ 1 



For a free white paper on 

"Best Practices for Migration to VMware Infrastructure 3" 
visit www.vizioncore.com/migrations.html 
Your website just got better with 1&1!

Our new data center offers you more power, more security, more value!

call 1.877.go1and1

Our new data center sets unrivalled standards in web
hosting. We have invested million to improve our
customers' experience. Every single advance in our
investment and expertise is geared to performance
for customers. The proof is in the speed and the uptime.

• 99.99% uptime - You can rely on 1&1
• Over 6 million customers worldwide trust 1&1
• Feature packed hosting plans from $2.99/month
• New! Powerful dedicated and virtual servers


[Comparison table: 1&1 hosting versus Yahoo! and Go Daddy plans, covering included domains, web space, monthly transfer volume, e-mail accounts, mailbox size, site-building and marketing tools, support, and price per month.]


We offer a variety of hosting packages to fit your needs and budget. 


© 2007 1&1 Internet, Inc. All rights reserved. Prices based on a comparison of regular Linux prices, effective 1/25/2007. 
Product and program specifications, availability, and pricing subject to change without notice. Some limitations apply to the 
Money Back Guarantee. Visit 1and1.com for details. Go Daddy is a registered trademark of Go Daddy Software, Inc.; Yahoo! 
is a registered trademark of Yahoo! Inc. 
What’s Hot

Migrate to a Virtual Infrastructure

VMware Converter 3 Beta

Starting a new datacenter in the virtual machine (VM) world would be a
snap, but what if you already have physical servers running and configured?
Most infrastructure departments simply don't have the time to manually
move each server to a VM. Fortunately, VMware has a product called P2V
Assistant to automate the process. The next-generation P2V (Physical to
Virtual) and V2V (Virtual to Virtual) conversion tool is called VMware
Converter 3, which is currently in beta testing. Converter can migrate
physical, virtual, and even disk images like Norton Ghost. Once a machine
has been converted to a VM, it can be used on VMware ESX Server 2.5 and
higher, VMware Workstation 4 and higher, VMware GSX Server 3.x, VMware
Server 1.0, and even VMware Player.


Reader: Eric Rux, systems administrator
Product: VMware Converter 3 Beta
Company: VMware
Contact: www.vmware.com

"Converter is simply amazing"
—Eric Rux, systems administrator

Converter comes in two editions: Starter and Enterprise. The Starter 
Edition is a free download from VMware's Web site and can migrate 
only one server at a time. Enterprise is a licensed product (licensing 
costs have yet to be determined) that can perform multiple migrations 
all at once. Converter supports cold as well as hot migrations. Cold 
migrations require you to completely shut down the physical server and 
restart it using a special boot CD, while a hot migration lets you keep the 
source server running during the migration. Strangely, cold migrations 
are only available in the licensed version of Converter. 

P2V was good, but Converter is simply amazing. Hot migrations greatly
reduce the amount of downtime for a conversion. Converter also deals
with the "utility partitions" that are found on HP, Compaq, and Dell
servers much better than earlier versions of P2V. What makes this version
really worth looking at is that the Starter Edition is free, and what's
better than free?
IT Automation


WinBatch automates Windows PC's Fast 

* Simple Scripting 

■ 8QQ4 practical pies 

■ 2,500 case studies 

■ 30 special purpose libraries and extenders 
WinBatch gives you the power that only
top notch C++ or VS developers can enjoy,
but it takes away the complexity



Free Trial Copy 

www.winbatch.com 
Guaranteed • Supported • Complete
Source 7


Windows 

Proven Server Virtualization 


x86 Server Virtualization providing Blazing Fast 
Bare Metal Performance with a seamless upgrade path 


Download XenExpress for free! 


www.xensource.com/win or call 650.798.5900 


Plus, get 
a free t-shirt 
when you 
refer three friends! 


Simply Virtualize. 

Attend the Forrester webcast and 
world-wide roadshow on Server 
Consolidation. 

Sponsored by Intel and XenSource. 
Learn more at 

www.xensource.com/virtualize 
Web Seminars


On-Demand 

Tips and Tricks 
for Deploying and 
Managing Group 
Policy 

www.windowsitpro.com/go/netiq 

Are you planning to deploy 
or increase your use of 
Microsoft's Group Policy? 
Attend this free Web seminar 
and learn how to design a 
solid deployment plan, tips 
on the best ways to set up 
delegation, the importance 
of good Group Policy change 
control and how to optimize 
processing performance. 



Upcoming 


Got VoIP?
Leverage Fax.
www.windowsitpro.com/go/faxback

The average 3-page fax takes 9
minutes to send, costing your
company $3.10. For that price,
you could get a latte. Not a
coffee fan? Consider this: If
you deal with 25 faxes per day,
that's over $10,000 per year!
David Chernicoff can show
you how new faxing technology
can help you take advantage
of your VoIP investment
and save that $10,000.

FaxBack



Risky Business:
Managing Risk
Through Security
& Continuity

www.windowsitpro.com/go/neverfail

Every business faces risk.
Have you properly assessed
your company's risk and
put a focus on business
continuity? Attend this free
Web seminar and learn how
you can ensure seamless
recovery of your key systems
and keep your users
continuously connected.

Neverfail


Administering Windows Vista Security
Thursday March 8, 2007 12:00 PM EST
www.windowsitpro.com/go/symantec2

Join Paul Thurrott for a deep dive into administering
Windows Vista's new security features with an emphasis
on the new Group Policy settings that are exposed
by this release. This includes but is not limited
to such topics as USB device blocking and the new
Microsoft Desktop Optimization Pack, which helps
enterprises streamline the deployment and management
of Vista clients. Paul will also discuss compliance
features in Windows Vista, and upcoming
security innovations that will be enabled by combining
Windows Vista with Windows Server "Longhorn,"
such as the Network Access Control quarantining
technologies.

Symantec


Messaging Security
for Small
and Mid-sized
Businesses

www.windowsitpro.com/go/symantec1

Did you know that 75% of
corporate intellectual property
resides in email? The
challenges facing this vital
business application range
from spam to the costly
impact of downtime and the
need for effective, centralized
email storage systems.
Join us for a free Web seminar
and learn the key features
of a holistic approach
to managing email security,
availability, and control.

Symantec


Find these and other Windows IT Pro Web seminars at
www.windowsitpro.com/events

MICROSOFT 

EXCHANGE 

Connections 

2007 


register 


DIVE INTO THE 
NEW RELEASES WITH 
MICROSOFT ARCHITECTS 
AND INDUSTRY EXPERTS! 

April 1-4, 2007 



WINDOWS 

Connections 

2007 


Office 

Connections 

2007 


REGISTER TODAY AND 
TAKE ADVANTAGE OF THE 
EARLY BIRD DISCOUNT! 

go to: WinConnections.com 
or call 800-505-1201 
203-268-3204 


Orlando, Florida 

Hyatt Regency Grand Cypress 

KEYNOTES

STEVE RILEY, MICROSOFT
MARK MINASI, MR&D
TONY REDMOND, HP


BONUS! GET MORE FROM CONNECTIONS! 

■ Take our special full day, hands-on troubleshooting courses 
in disaster recovery, message flow, or performance and 
attend sessions in the special SharePoint track. 

■ Sign up for the hands-on VBScript Master Courses or the 
PowerShell Master Courses. 

■ Microsoft will also be on-hand to walk you through their new 
vision and technology strategy for unified messaging and 
give you some tips on co-existence and migration from 
other platforms. 



Microsoft • 


WindowsITPro 


TechNet 


Conferences 
DIRECTORY OF SERVICES

Windows IT Pro Network

Search our network of sites dedicated to hands-on technical
information for IT professionals.

http://www.windowsitpro.com

Support 

Join our discussion forums. Post your questions and get 
advice from authors, vendors, and other IT professionals. 

http://www.windowsitpro.com/forums 

News 

Check out the current news and information about 
Microsoft Windows technologies. 

http://www.wininformant.com 

EMAIL NEWSLETTERS 

Get free NT/2000/XP/2003 news, commentary, and tips 
delivered automatically to your desktop. 

Windows IT Pro UPDATE 
Vista UPDATE 

Windows Tips & Tricks UPDATE 
Win Info Daily UPDATE 
.NET Briefing 

Exchange & Outlook UPDATE 
Scripting Central 
Security UPDATE 

SQL Server 2005 Express UPDATE
SQL Server Magazine UPDATE 
Storage UPDATE 
Windows IT Library UPDATE 
Connected Home EXPRESS 

http://www.windowsitpro.com/email 

PRO VIP ACCESS 

Exchange & Outlook Pro VIP 

Discover smart solutions for Exchange and 
Outlook administrators. 

http://www.exchangeprovip.com 

Scripting Pro VIP 

Learn how to create more powerful scripts and get tips 
for automating those tedious administrative tasks. 

http://www.scriptingprovip.com 

Security Pro VIP 

Discover practical, how-to advice for avoiding and 
solving security problems. 

http://www.securityprovip.com 

RELATED PRODUCTS 

Custom Reprint Services 

Order reprints of Windows IT Pro articles. Contact Michael
Dudziak at mdudziak@penton.com.

Super CD/VIP

Get exclusive access to all of our print publications, including
Windows IT Pro, via the new, banner-free VIP Web site.

http://www.windowsitpro.com/sub/vip 

Article Archive CD 

Access every article ever printed in Windows IT Pro 
magazine since September 1995 with this portable and 
speedy tool. 

http://www.windowsitpro.com/sub/cd 
SQL SERVER MAGAZINE 

Explore the hottest new features of SQL Server, and 
discover practical tips and tools. 

http://www.sqlmag.com 
Ctrl+Alt+Del BY JASON BOVBERG

Send your funny screen shots, juicy rumors, or industry
humor to rumors@windowsitpro.com. If we use your
submission, you’ll receive a Ctrl+Alt+Del coffee mug.



IBM’s vaunted “ghost partition” backup capability

IBM Rescue and Recovery Backup
A backup of your system is now in progress. Do not turn off during this process.
Backing up partition 5 of 4
Estimated Time Remaining 65 minutes

"Less than ZERO?"

UpdateEXPERT
You have attempted to manage 0 machines, but your license limits you to a total of 150
machines, of which 151 are available. Please select fewer machines to manage.
[OK]

Yeah, but I think the other 1,978,343,629 are on break

Backup Exec
There are 1973343630 administrators connected to the TREASURYBDC backup server.
Other administrators may be making changes.
[Cancel]

Redefining the notion of “half”

Progress
Printing 4 of 8: 37%
[Cancel]

[Comic strip by Scott Adams]

YOUR NETWORK
PRODUCT APPEARS
TO BE A SHOEBOX
FULL OF TWIGS
AND LEAVES.

HO HO! JUST WAIT
UNTIL MY ENGINEER
DOES HIS MAGIC AND
INTEGRATES IT WITH
YOUR NETWORK!
Lose that important file?

Protect against accidental file deletions with NEW Undelete® 5 

Now with version protection for Microsoft ® Office files 


According to the New York Times, file loss costs businesses an estimated $13 billion per year. The problem 
is that the Windows® recycle bin doesn't capture every deleted file, particularly files deleted over the 
network and older "saved-over" versions of Microsoft Office files. Not even your backup system provides 
comprehensive real-time protection. 


Now you can get complete up-to-the-minute file protection with 
instant recovery—get new Undelete 5! 

• NEW! Version protection allows instant recovery of older versions of
Microsoft Word, Excel and PowerPoint® files

• EXCLUSIVE! Recovery of deleted files is easy and instant 

• EXCLUSIVE! Undelete 5 captures and protects all deleted files in real 
time — even files deleted by other systems over the network. No more 
lengthy backup restores! 

• Server and workstation editions available 

Try Undelete FREE! 

Visit: www.undelete.com/winUD5 

For volume license pricing and government or educational discounts, 
contact your favorite reseller or call 800-829-6468 reference number 4330 





©2007 Diskeeper Corporation. All Rights Reserved. Undelete, Diskeeper and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper 
Corporation in the United States and/or other countries. Microsoft, Windows and PowerPoint are either registered trademarks or trademarks owned by Microsoft 
Corporation in the United States and/or other countries. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.undelete.com 
Stop running behind on your daily desktop management tasks;



Get back on track with ScriptLogic’s Desktop Authority. 

Ease the burden of daily desktop management tasks 

> Map printers and drives, set up Outlook profiles, and manage settings from a central console. 

Establish and maintain a standard operating environment 

> Enforce standard desktop configurations automatically. 

Extend the power of Desktop Authority 

> Add anti-spyware, patch management and USB / Port security options for a complete solution.


Point, Click, Done!